WLAN Commands

clear ipv6 neighbor-binding

To clear the IPv6 neighbor binding table entries or counters, use the clear ipv6 neighbor-binding command.

clear ipv6 neighbor-binding { table { mac mac_address | vlan vlan_id | port port | ipv6 ipv6_address | all} | counters}

Syntax Description

table

Clears the IPv6 neighbor binding table.

mac

Clears the neighbor binding table entries for a MAC address.

mac_address

MAC address of the client.

vlan

Clears the neighbor binding table entries for a VLAN.

vlan_id

VLAN identifier.

port

Clears the neighbor binding table entries for a port.

port

Port number.

ipv6

Clears the neighbor binding table entries for an IPv6 address.

ipv6_address

IPv6 address of the client.

all

Clears the entire neighbor binding table.

counters

Clears IPv6 neighbor binding counters.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to clear the IPv6 neighbor binding table entries for a VLAN:

(Cisco Controller) >clear ipv6 neighbor-binding table vlan 1

config 802.11 dtpc

To enable or disable the Dynamic Transmit Power Control (DTPC) setting for an 802.11 network, use the config 802.11 dtpc command.

config 802.11{ a | b} dtpc { enable | disable}

Syntax Description

a

Specifies the 802.11a network.

b

Specifies the 802.11b/g network.

enable

Enables the support for this command.

disable

Disables the support for this command.

Command Default

The default DTPC setting for an 802.11 network is enabled.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to disable DTPC for an 802.11a network:


(Cisco Controller) > config 802.11a dtpc disable

config advanced hotspot

To configure advanced hotspot configurations, use the config advanced hotspot command.

config advanced hotspot { anqp-4way { disable | enable | threshold value } | cmbk-delay value | garp { disable | enable } | gas-limit { disable | enable } }

Syntax Description

anqp-4way

Enables, disables, or configures the Access Network Query Protocol (ANQP) four way fragment threshold.

disable

Disables the ANQP four way message.

enable

Enables the ANQP four way message.

threshold

Configures the ANQP four way fragment threshold.

value

ANQP four way fragment threshold value in bytes. The range is from 10 to 1500. The default value is 1500.

cmbk-delay

Configures the ANQP comeback delay in Time Units (TUs).

value

ANQP comeback delay in Time Units (TUs). 1 TU is defined by 802.11 as 1024 usec. The range is from 1 millisecond to 30 seconds.

garp

Disables or enables the Gratuitous ARP (GARP) forwarding to the wireless network.

disable

Disables the Gratuitous ARP (GARP) forwarding to the wireless network.

enable

Enables the Gratuitous ARP (GARP) forwarding to the wireless network.

gas-limit

Limits the number of Generic Advertisement Service (GAS) request action frames sent to the switch by an access point in a given interval.

disable

Disables the GAS request action frame limit on access points.

enable

Enables the GAS request action frame limit on access points.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure the ANQP four way fragment threshold value:

(Cisco Controller) >config advanced hotspot anqp-4way threshold 200

config auto-configure voice

To auto-configure voice deployment in WLANs, use the config auto-configure voice command.

config auto-configure voice cisco wlan_id radio { 802.11a | 802.11b | all}

Syntax Description

cisco

Auto-configure WLAN for voice deployment of Cisco end points.

wlan_id

Wireless LAN identifier from 1 to 512 (inclusive).

radio

Auto-configures voice deployment for a radio in a WLAN.

802.11a

Auto-configures voice deployment for 802.11a in a WLAN.

802.11b

Auto-configures voice deployment for 802.11b in a WLAN.

all

Auto-configures voice deployment for all radios in a WLAN.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When you configure this command, all WLANs and radios are automatically disabled. After the completion of the configuration, the previous state of the WLANs and radios is restored.

Examples

The following example shows how to auto-configure voice deployment for all radios in a WLAN:

(Cisco Controller) >config auto-configure voice cisco 2 radio all
Warning! This command will automatically disable all WLAN's and Radio's.
 It will be reverted to the previous state once configuration is complete.
 Are you sure you want to continue? (y/N)y


Auto-Configuring these commands in WLAN for Voice..
 wlan qos 2 platinum 
 - Success
 wlan call-snoop enable 2 
 - Success
 wlan wmm allow 2 
 - Success
 wlan session-timeout 2 86400
 - Success
 wlan peer-blocking disable 2
 - Success
 wlan security tkip hold-down 0 2 
 - Success
 wlan exclusionlist 2 disable 
 - Success
 wlan mac-filtering disable 2
 - Success
 wlan dtim 802.11a 2 2
 - Success
 wlan dtim 802.11b 2 2
 - Success
 wlan ccx aironetIeSupport  enabled 2
 - Success
 wlan channel-scan defer-priority 4 enable 2 
 - Success
 wlan channel-scan defer-priority 5 enable 2 
 - Success
 wlan channel-scan defer-priority 6 enable 2 
 - Success
 wlan channel-scan defer-time 100 2 
 - Success
wlan load-balance allow disable 2
 - Success
 wlan mfp client enable 2
 - Success
 wlan security wpa akm  cckm enable 2
 - Success
 wlan security wpa akm cckm timestamp-tolerance  5000 2
 - Success
 wlan band-select allow disable 2 
 - Success
***********************************************

Auto-Configuring these commands for Voice - Radio 802.11a.

 advanced 802.11a edca-parameter optimized-voice
 - Success
 802.11a cac voice acm enable 
 - Success
 802.11a cac voice max-bandwidth 75 
 - Success
 802.11a cac voice roam-bandwidth 6 
 - Success
 802.11a cac voice cac-method load-based 
 - Success
 802.11a cac voice sip disable 
 - Success
 802.11a tsm enable 
 - Success
 802.11a exp-bwreq  enable 
 - Success
 802.11a txPower global auto 
 - Success
 802.11a channel global auto 
 - Success
 advanced 802.11a channel dca interval 24
 - Success
 advanced 802.11a channel dca anchor-time 0
 - Success
 qos protocol-type platinum dot1p
 - Success
 qos dot1p-tag platinum 6
 - Success
 qos priority platinum voice voice besteffort
 - Success
 802.11a beacon period 100 
 - Success
 802.11a dtpc enable
 - Success
 802.11a Coverage Voice RSSI Threshold -70
 - Success
 802.11a txPower global min 11
  - Success
 advanced eap eapol-key-timeout 250
 - Success
 advanced 802.11a voice-mac-optimization disable 
 - Success
802.11h channelswitch enable 1
 - Success
Note: Data rate configurations are not changed.
It should be changed based on the recommended values after analysis.
***********************************************

Auto-Configuring these commands for Voice - Radio 802.11b.
 advanced 802.11b edca-parameter optimized-voice
 - Success
 802.11b cac voice acm enable 
 - Success
 802.11b cac voice max-bandwidth 75 
 - Success
 802.11b cac voice roam-bandwidth 6 
 - Success
 802.11b cac voice cac-method load-based 
 - Success
 802.11b cac voice sip disable 
 - Success
 802.11b tsm enable 
 - Success
 802.11b exp-bwreq  enable 
 - Success
 802.11b txPower global auto
  - Success
 802.11b channel global auto - Success
 advanced 802.11b channel dca interval 24
 - Success
 advanced 802.11b channel dca anchor-time 0
 - Success
 802.11b beacon period 100 
 - Success
 802.11b dtpc enable 
 - Success
 802.11b Coverage Voice RSSI Threshold -70
 - Success
 802.11b preamble short 
 - Success
advanced 802.11a voice-mac-optimization disable 
 - Success
Note: Data rate configurations are not changed.
It should be changed based on the recommended values after analysis.
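The transcript above applies several WLAN-level changes that touch access controls (peer-to-peer blocking, client exclusion, MAC filtering, the TKIP hold-down timer). The following added example, which is not part of the Cisco documentation, pairs each pushed command with its status and lists the ones worth a review; the rule list, the function names and the treatment of any word other than "Success" as a failed status are assumptions made for this example.

```python
import re

# A status sits on its own line (" - Success") or is appended to the command.
# Assumption: any single word after "- " is a status; the page only shows "Success".
STATUS = re.compile(r"^(?P<cmd>.*?)\s*-\s+(?P<status>\w+)$")

# Assumption: review rules chosen for this example, not a Cisco-published list.
REVIEW_RULES = [
    (re.compile(r"^wlan peer-blocking disable\b"), "peer-to-peer blocking turned off"),
    (re.compile(r"^wlan exclusionlist \d+ disable\b"), "client exclusion turned off"),
    (re.compile(r"^wlan mac-filtering disable\b"), "MAC filtering turned off"),
    (re.compile(r"^wlan security tkip hold-down 0\b"), "TKIP hold-down timer set to 0"),
    (re.compile(r"^wlan session-timeout \d+ \d+"), "session timeout changed"),
]

# Trimmed excerpt of the transcript shown above.
SAMPLE = """\
Auto-Configuring these commands in WLAN for Voice..
 wlan qos 2 platinum
 - Success
 wlan session-timeout 2 86400
 - Success
 wlan peer-blocking disable 2
 - Success
 wlan security tkip hold-down 0 2
 - Success
 wlan exclusionlist 2 disable
 - Success
 wlan mac-filtering disable 2
 - Success
 wlan mfp client enable 2
 - Success
***********************************************

Auto-Configuring these commands for Voice - Radio 802.11b.
 802.11b channel global auto - Success
 802.11b Coverage Voice RSSI Threshold -70
 - Success
"""


def parse_transcript(text):
    """Pair each pushed command with the status word that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STATUS.match(line)
        if m is None:
            # A command or a banner; a banner is overwritten by the next command
            # before any status line arrives.
            pending = line
            continue
        cmd = m.group("cmd") or pending
        if cmd:
            entries.append((cmd, m.group("status")))
        pending = None
    return entries


def review(entries):
    """Return (command, reason) for applied commands that match a review rule."""
    flagged = []
    for cmd, status in entries:
        if status != "Success":
            continue
        for pattern, reason in REVIEW_RULES:
            if pattern.search(cmd):
                flagged.append((cmd, reason))
                break
    return flagged


def not_applied(entries):
    """Commands whose status was anything other than Success."""
    return [cmd for cmd, status in entries if status != "Success"]


if __name__ == "__main__":
    parsed = parse_transcript(SAMPLE)
    for cmd, reason in review(parsed):
        print(f"REVIEW  {cmd}: {reason}")
    for cmd in not_applied(parsed):
        print(f"FAILED  {cmd}")
```
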

config client ccx clear-reports

To clear the client reporting information, use the config client ccx clear-reports command.

config client ccx clear-reports client_mac_address

Syntax Description

client_mac_address

MAC address of the client.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to clear the reporting information of the client MAC address 00:1f:ca:cf:b6:60:

(Cisco Controller) >config client ccx clear-reports 00:1f:ca:cf:b6:60

config client ccx clear-results

To clear the test results on the controller, use the config client ccx clear-results command.

config client ccx clear-results client_mac_address

Syntax Description

client_mac_address

MAC address of the client.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to clear the test results of the client MAC address 00:1f:ca:cf:b6:60:

(Cisco Controller) >config client ccx clear-results 00:1f:ca:cf:b6:60

config client ccx default-gw-ping

To send a request to the client to perform the default gateway ping test, use the config client ccx default-gw-ping command.

config client ccx default-gw-ping client_mac_address

Syntax Description

client_mac_address

MAC address of the client.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This test does not require the client to use the diagnostic channel.

Examples

The following example shows how to send a request to the client 00:0b:85:02:0d:20 to perform the default gateway ping test:

(Cisco Controller) >config client ccx default-gw-ping 00:0b:85:02:0d:20

config client ccx dhcp-test

To send a request to the client to perform the DHCP test, use the config client ccx dhcp-test command.

config client ccx dhcp-test client_mac_address

Syntax Description

client_mac_address

MAC address of the client.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This test does not require the client to use the diagnostic channel.

Examples

The following example shows how to send a request to the client 00:E0:77:31:A3:55 to perform the DHCP test:

(Cisco Controller) >config client ccx dhcp-test 00:E0:77:31:A3:55

config client ccx dns-ping

To send a request to the client to perform the Domain Name System (DNS) server IP address ping test, use the config client ccx dns-ping command.

config client ccx dns-ping client_mac_address

Syntax Description

client_mac_address

MAC address of the client.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This test does not require the client to use the diagnostic channel.

Examples

The following example shows how to send a request to a client to perform the DNS server IP address ping test:

(Cisco Controller) >config client ccx dns-ping 00:E0:77:31:A3:55

config client ccx dns-resolve

To send a request to the client to perform the Domain Name System (DNS) resolution test to the specified hostname, use the config client ccx dns-resolve command.

config client ccx dns-resolve client_mac_address host_name

Syntax Description

client_mac_address

MAC address of the client.

host_name

Hostname of the client.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This test does not require the client to use the diagnostic channel.

Examples

The following example shows how to send a request to the client 00:E0:77:31:A3:55 to perform the DNS name resolution test to the specified hostname:

(Cisco Controller) >config client ccx dns-resolve 00:E0:77:31:A3:55 host_name

config client ccx get-client-capability

To send a request to the client to send its capability information, use the config client ccx get-client-capability command.

config client ccx get-client-capability client_mac_address

Syntax Description

client_mac_address

MAC address of the client.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to send a request to the client 172.19.28.40 to send its capability information:

(Cisco Controller) >config client ccx get-client-capability 172.19.28.40

config client ccx get-manufacturer-info

To send a request to the client to send the manufacturer’s information, use the config client ccx get-manufacturer-info command.

config client ccx get-manufacturer-info client_mac_address

Syntax Description

client_mac_address

MAC address of the client.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to send a request to the client 172.19.28.40 to send the manufacturer’s information:

(Cisco Controller) >config client ccx get-manufacturer-info 172.19.28.40

config client ccx get-operating-parameters

To send a request to the client to send its current operating parameters, use the config client ccx get-operating-parameters command.

config client ccx get-operating-parameters client_mac_address

Syntax Description

client_mac_address

MAC address of the client.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to send a request to the client 172.19.28.40 to send its current operating parameters:

(Cisco Controller) >config client ccx get-operating-parameters 172.19.28.40

config client ccx get-profiles

To send a request to the client to send its profiles, use the config client ccx get-profiles command.

config client ccx get-profiles client_mac_address

Syntax Description

client_mac_address

MAC address of the client.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to send a request to the client 172.19.28.40 to send its profile details:

(Cisco Controller) >config client ccx get-profiles 172.19.28.40

config client ccx log-request

To configure a Cisco client eXtension (CCX) log request for a specified client device, use the config client ccx log-request command.

config client ccx log-request { roam | rsna | syslog} client_mac_address

Syntax Description

roam

(Optional) Requests the client CCX roaming log.

rsna

(Optional) Requests the client CCX RSNA log.

syslog

(Optional) Requests the client CCX system log.

client_mac_address

MAC address of the client.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to request the client CCX system log:

(Cisco Controller) >config client ccx log-request syslog 00:40:96:a8:f7:98
Tue Oct 05 13:05:21 2006
SysLog Response LogID=1: Status=Successful
Event Timestamp=121212121212
Client SysLog = 'This is a test syslog 2'
Event Timestamp=121212121212
Client SysLog = 'This is a test syslog 1'
Tue Oct 05 13:04:04 2006
SysLog Request LogID=1

The following example shows how to specify the client CCX roaming log:

(Cisco Controller) >config client ccx log-request roam 00:40:96:a8:f7:98
Thu Jun 22 11:55:14 2006
Roaming Response LogID=20: Status=Successful
Event Timestamp=121212121212
Source BSSID=00:40:96:a8:f7:98, Target BSSID=00:0b:85:23:26:70,
Transition Time=100(ms)
Transition Reason: Unspecified Transition Result: Success
Thu Jun 22 11:55:04 2006
Roaming Request LogID=20
Thu Jun 22 11:54:54 2006
Roaming Response LogID=19: Status=Successful
Event Timestamp=121212121212
Source BSSID=00:40:96:a8:f7:98, Target BSSID=00:0b:85:23:26:70,
Transition Time=100(ms)
Transition Reason: Unspecified Transition Result: Success
Thu Jun 22 11:54:33 2006  Roaming Request LogID=19

The following example shows how to specify the client CCX RSNA log:

(Cisco Controller) >config client ccx log-request rsna 00:40:96:a8:f7:98
Tue Oct 05 11:06:48 2006
RSNA Response LogID=2: Status=Successful
Event Timestamp=242424242424
Target BSSID=00:0b:85:23:26:70
RSNA Version=1
Group Cipher Suite=00-x0f-ac-01
Pairwise Cipher Suite Count = 2
Pairwise Cipher Suite 0 = 00-0f-ac-02
Pairwise Cipher Suite 1 = 00-0f-ac-04
AKM Suite Count = 2
KM Suite 0 = 00-0f-ac-01
KM Suite 1 = 00-0f-ac-02
SN Capability = 0x1
PMKID Count = 2
PMKID 0 = 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16
PMKID 1 = 0a 0b 0c 0d 0e 0f 17 18 19 20 1a 1b 1c 1d 1e 1f
802.11i Auth Type: EAP_FAST
RSNA Result: Success
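The suite values in the RSNA response are IEEE 802.11 suite selectors (OUI 00-0F-AC plus a type byte). The following added example, which is not part of the Cisco documentation, decodes them and reports WEP or TKIP in the group or pairwise lists; the sample input is constructed in the layout shown above, the function names are assumptions, and a selector that does not parse is reported rather than guessed.

```python
import re

# Standard IEEE 802.11 suite types under the 00-0F-AC OUI.
CIPHERS = {0: "use-group", 1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK"}
WEAK_CIPHERS = {"WEP-40", "WEP-104", "TKIP"}

SELECTOR = re.compile(
    r"^([0-9a-f]{2})-([0-9a-f]{2})-([0-9a-f]{2})-([0-9a-f]{2})$", re.I)
# Matches the per-suite lines only, not the "... Count = N" lines.
# "A?KM" accepts both the "AKM Suite" and "KM Suite" labels.
FIELD = re.compile(
    r"^\s*(Group Cipher Suite|Pairwise Cipher Suite \d+|A?KM Suite \d+)"
    r"\s*=\s*(\S+)\s*$")

# Constructed sample in the field layout of the RSNA response shown above.
SAMPLE = """\
RSNA Response LogID=2: Status=Successful
Target BSSID=02:00:00:00:00:01
RSNA Version=1
Group Cipher Suite=00-0f-ac-02
Pairwise Cipher Suite Count = 2
Pairwise Cipher Suite 0 = 00-0f-ac-02
Pairwise Cipher Suite 1 = 00-0f-ac-04
AKM Suite Count = 2
AKM Suite 0 = 00-0f-ac-01
AKM Suite 1 = 00-0f-ac-02
RSNA Result: Success
"""


def decode_selector(text, table):
    """Return a readable name for one suite selector, or None if malformed."""
    m = SELECTOR.match(text)
    if not m:
        return None
    oui = "-".join(g.lower() for g in m.groups()[:3])
    suite_type = int(m.group(4), 16)
    if oui != "00-0f-ac":
        return f"vendor {oui} type {suite_type}"
    return table.get(suite_type, f"reserved type {suite_type}")


def parse_rsna_log(log):
    """Collect decoded group, pairwise and AKM suites from one response."""
    result = {"group": None, "pairwise": [], "akm": [], "unparsed": []}
    for line in log.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        label, value = m.groups()
        is_akm = "KM Suite" in label
        name = decode_selector(value, AKMS if is_akm else CIPHERS)
        if name is None:
            result["unparsed"].append(line.strip())
        elif is_akm:
            result["akm"].append(name)
        elif label.startswith("Group"):
            result["group"] = name
        else:
            result["pairwise"].append(name)
    return result


def findings(parsed):
    """List weak ciphers and malformed selectors found in a parsed response."""
    out = []
    if parsed["group"] in WEAK_CIPHERS:
        out.append(f"group cipher is {parsed['group']}")
    for cipher in parsed["pairwise"]:
        if cipher in WEAK_CIPHERS:
            out.append(f"pairwise list includes {cipher}")
    for line in parsed["unparsed"]:
        out.append(f"malformed selector: {line}")
    return out


if __name__ == "__main__":
    for finding in findings(parse_rsna_log(SAMPLE)):
        print(finding)
```
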

config client ccx send-message

To send a message to the client, use the config client ccx send-message command.

config client ccx send-message client_mac_address message_id

Syntax Description

client_mac_address

MAC address of the client.

message_id

Message type that involves one of the following:

  • 1—The SSID is invalid.

  • 2—The network settings are invalid.

  • 3—There is a WLAN credibility mismatch.

  • 4—The user credentials are incorrect.

  • 5—Please call support.

  • 6—The problem is resolved.

  • 7—The problem has not been resolved.

  • 8—Please try again later.

  • 9—Please correct the indicated problem.

  • 10—Troubleshooting is refused by the network.

  • 11—Retrieving client reports.

  • 12—Retrieving client logs.

  • 13—Retrieval complete.

  • 14—Beginning association test.

  • 15—Beginning DHCP test.

  • 16—Beginning network connectivity test.

  • 17—Beginning DNS ping test.

  • 18—Beginning name resolution test.

  • 19—Beginning 802.1X authentication test.

  • 20—Redirecting client to a specific profile.

  • 21—Test complete.

  • 22—Test passed.

  • 23—Test failed.

  • 24—Cancel diagnostic channel operation or select a WLAN profile to resume normal operation.

  • 25—Log retrieval refused by the client.

  • 26—Client report retrieval refused by the client.

  • 27—Test request refused by the client.

  • 28—Invalid network (IP) setting.

  • 29—There is a known outage or problem with the network.

  • 30—Scheduled maintenance period.

  • 31—The WLAN security method is not correct.

  • 32—The WLAN encryption method is not correct.

  • 33—The WLAN authentication method is not correct.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to send a message to the client MAC address 172.19.28.40 with the message user-action-required:

(Cisco Controller) >config client ccx send-message 172.19.28.40 user-action-required

config client ccx stats-request

To send a request for statistics, use the config client ccx stats-request command.

config client ccx stats-request measurement_duration { dot11 | security} client_mac_address

Syntax Description

measurement_duration

Measurement duration in seconds.

dot11

(Optional) Specifies dot11 counters.

security

(Optional) Specifies security counters.

client_mac_address

MAC address of the client.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to specify dot11 counter settings:

(Cisco Controller) >config client ccx stats-request 1 dot11 00:40:96:a8:f7:98
Measurement duration = 1
dot11TransmittedFragmentCount       = 1
dot11MulticastTransmittedFrameCount = 2
dot11FailedCount                    = 3
dot11RetryCount                     = 4
dot11MultipleRetryCount             = 5
dot11FrameDuplicateCount            = 6
dot11RTSSuccessCount                = 7
dot11RTSFailureCount                = 8
dot11ACKFailureCount                = 9
dot11ReceivedFragmentCount          = 10
dot11MulticastReceivedFrameCount    = 11
dot11FCSErrorCount                  = 12
dot11TransmittedFrameCount          = 13

config client ccx test-abort

To send a request to the client to terminate the current test, use the config client ccx test-abort command.

config client ccx test-abort client_mac_address

Syntax Description

client_mac_address

MAC address of the client.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Only one test can be pending at a time.

Examples

The following example shows how to send a request to a client to terminate the current test:

(Cisco Controller) >config client ccx test-abort 11:11:11:11:11:11

config client ccx test-association

To send a request to the client to perform the association test, use the config client ccx test-association command.

config client ccx test-association client_mac_address ssid bssid 802.11{ a | b | g} channel

Syntax Description

client_mac_address

MAC address of the client.

ssid

Network name.

bssid

Basic SSID.

802.11a

Specifies the 802.11a network.

802.11b

Specifies the 802.11b network.

802.11g

Specifies the 802.11g network.

channel

Channel number.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to send a request to the client MAC address 00:E0:77:31:A3:55 to perform the basic SSID association test:

(Cisco Controller) >config client ccx test-association 00:E0:77:31:A3:55 ssid bssid 802.11a

config client ccx test-dot1x

To send a request to the client to perform the 802.1x test, use the config client ccx test-dot1x command.

config client ccx test-dot1x client_mac_address profile_id bssid 802.11 { a | b | g} channel

Syntax Description

client_mac_address

MAC address of the client.

profile_id

Test profile name.

bssid

Basic SSID.

802.11a

Specifies the 802.11a network.

802.11b

Specifies the 802.11b network.

802.11g

Specifies the 802.11g network.

channel

Channel number.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to send a request to the client to perform the 802.11b test with the profile name profile_01:

(Cisco Controller) >config client ccx test-dot1x 172.19.28.40 profile_01 bssid 802.11b

config client ccx test-profile

To send a request to the client to perform the profile redirect test, use the config client ccx test-profile command.

config client ccx test-profile client_mac_address profile_id

Syntax Description

client_mac_address

MAC address of the client.

profile_id

Test profile name.

Note 

The profile_id should be from one of the client profiles for which client reporting is enabled.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to send a request to the client to perform the profile redirect test with the profile name profile_01:

(Cisco Controller) >config client ccx test-profile 11:11:11:11:11:11 profile_01

config client deauthenticate

To disconnect a client, use the config client deauthenticate command.

config client deauthenticate { MAC | IPv4/v6_address | user_name}

Syntax Description

MAC

Client MAC address.

IPv4/v6_address

IPv4 or IPv6 address.

user_name

Client user name.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to deauthenticate a client using its MAC address:


(Cisco Controller) >config client deauthenticate 11:11:11:11:11:11

config ipv6 disable

To disable IPv6 globally on the Cisco WLC, use the config ipv6 disable command.

config ipv6 disable

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When you use this command, the controller drops all IPv6 packets and the clients will not receive any IPv6 address.

Examples

The following example shows how to disable IPv6 on the controller:

(Cisco Controller) >config ipv6 disable

config ipv6 enable

To enable IPv6 globally on the Cisco WLC, use the config ipv6 enable command.

config ipv6 enable

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable IPv6 on the Cisco WLC:

(Cisco Controller) >config ipv6 enable

config ipv6 neighbor-binding

To configure the Neighbor Binding table on the Cisco wireless LAN controller, use the config ipv6 neighbor-binding command.

config ipv6 neighbor-binding { timers { down-lifetime down_time | reachable-lifetime reachable_time | stale-lifetime stale_time } | { ra-throttle { allow at-least at_least_value} | enable | disable | interval-option { ignore | passthrough | throttle } | max-through { no_mcast_RA | no-limit} | throttle-period throttle_period}}

Syntax Description

timers

Configures the neighbor binding table timeout timers.

down-lifetime

Configures the down lifetime.

down_time

Down lifetime in seconds. The range is from 0 to 86400. The default is 30 seconds.

reachable-lifetime

Configures the reachable lifetime.

reachable_time

Reachable lifetime in seconds. The range is from 0 to 86400. The default is 300 seconds.

stale-lifetime

Configures the stale lifetime.

stale_time

Stale lifetime in seconds. The range is from 0 to 86400. The default is 86400 seconds.

ra-throttle

Configures IPv6 RA throttling options.

allow

Specifies the number of multicast RAs per router per throttle period.

at_least_value

Number of multicast RAs from router before throttling. The range is from 0 to 32. The default is 1.

enable

Enables IPv6 RA throttling.

disable

Disables IPv6 RA throttling.

interval-option

Adjusts the behavior on RA with RFC3775 interval option.

ignore

Indicates interval option has no influence on throttling.

passthrough

Indicates all RAs with RFC3775 interval option will be forwarded (default).

throttle

Indicates all RAs with RFC3775 interval option will be throttled.

max-through

Specifies unthrottled multicast RAs per VLAN per throttle period.

no_mcast_RA

Number of multicast RAs on a VLAN by which throttling is enforced. The default number of multicast RAs on a VLAN is 10.

no-limit

Configures no upper bound at the VLAN level.

throttle-period

Configures the throttle period.

throttle_period

Duration of the throttle period in seconds. The range is from 10 to 86400 seconds. The default is 600 seconds.

Command Default

This command is disabled by default.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure the Neighbor Binding table:

(Cisco Controller) >config ipv6 neighbor-binding ra-throttle enable

config ipv6 na-mcast-fwd

To configure the Neighbor Advertisement multicast forwarding, use the config ipv6 na-mcast-fwd command.

config ipv6 na-mcast-fwd { enable | disable}

Syntax Description

enable

Enables Neighbor Advertisement multicast forwarding.

disable

Disables Neighbor Advertisement multicast forwarding.

Command Default

None

Command History

Release Modification
7.5 This command was introduced.

Usage Guidelines

If you enable Neighbor Advertisement multicast forwarding, all unsolicited multicast Neighbor Advertisements from wired or wireless are not forwarded to wireless.

If you disable Neighbor Advertisement multicast forwarding, IPv6 Duplicate Address Detection (DAD) of the controller is affected.

Examples

The following example shows how to configure Neighbor Advertisement multicast forwarding:


(Cisco Controller) >config ipv6 na-mcast-fwd enable

config ipv6 ns-mcast-fwd

To configure the nonstop multicast cache miss forwarding, use the config ipv6 ns-mcast-fwd command.

config ipv6 ns-mcast-fwd { enable | disable}

Syntax Description

enable

Enables nonstop multicast forwarding on a cache miss.

disable

Disables nonstop multicast forwarding on a cache miss.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure nonstop multicast forwarding:

(Cisco Controller) >config ipv6 ns-mcast-fwd enable

config ipv6 ra-guard

To configure the filter for Router Advertisement (RA) packets that originate from a client on an AP, use the config ipv6 ra-guard command.

config ipv6 ra-guard ap { enable | disable}

Syntax Description

enable

Enables RA guard on an AP.

disable

Disables RA guard on an AP.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable IPv6 RA guard:


(Cisco Controller) >config ipv6 ra-guard ap enable

config remote-lan

To configure a remote LAN, use the config remote-lan command.

config remote-lan { enable | disable} { remote-lan-id | all}

Syntax Description

enable

Enables a remote LAN.

disable

Disables a remote LAN.

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

all

Configures all wireless LANs.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable a remote LAN with ID 2:

(Cisco Controller) >config remote-lan enable 2

config remote-lan aaa-override

To configure user policy override through AAA on a remote LAN, use the config remote-lan aaa-override command.

config remote-lan aaa-override { enable | disable} remote-lan-id

Syntax Description

enable

Enables user policy override through AAA on a remote LAN.

disable

Disables user policy override through AAA on a remote LAN.

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable user policy override through AAA on a remote LAN where the remote LAN ID is 2:

(Cisco Controller) >config remote-lan aaa-override enable 2

config remote-lan acl

To specify an access control list (ACL) for a remote LAN, use the config remote-lan acl command.

config remote-lan acl remote-lan-id acl_name

Syntax Description

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

acl_name

ACL name.

Note 

Use the show acl summary command to know the ACLs available.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to specify ACL1 for a remote LAN whose ID is 2:

(Cisco Controller) >config remote-lan acl 2 ACL1

config remote-lan create

To configure a new remote LAN connection, use the config remote-lan create command.

config remote-lan create remote-lan-id name

Syntax Description

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

name

Remote LAN name. Valid values are up to 32 alphanumeric characters.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure a new remote LAN, MyRemoteLAN, with the LAN ID as 3:

(Cisco Controller) >config remote-lan create 3 MyRemoteLAN

config remote-lan custom-web

To configure web authentication for a remote LAN, use the config remote-lan custom-web command.

config remote-lan custom-web { ext-webauth-url URL | global { enable | disable } | login-page page-name | loginfailure-page { page-name | none} | logout-page { page-name | none} | webauth-type { internal | customized | external} } remote-lan-id

Syntax Description

ext-webauth-url

Configures an external web authentication URL.

URL

Web authentication URL for the Login page.

global

Configures the global status for the remote LAN.

enable

Enables the global status for the remote LAN.

disable

Disables the global status for the remote LAN.

login-page

Configures a login page.

page-name

Login page name.

none

Configures no login page.

logout-page

Configures a logout page.

none

Configures no logout page.

webauth-type

Configures the web authentication type for the remote LAN.

internal

Displays the default login page.

customized

Displays a downloaded login page.

external

Displays a login page that is on an external server.

name

Remote LAN name. Valid values are up to 32 alphanumeric characters.

remote-lan-id

Remote LAN identifier. Valid values are from 1 to 512.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Follow these guidelines when you use the config remote-lan custom-web command:

  • When you configure the external Web-Auth URL, do the following:

    • Ensure that Web-Auth or Web-Passthrough Security is in enabled state. To enable Web-Auth, use the config remote-lan security web-auth enable command. To enable Web-Passthrough, use the config remote-lan security web-passthrough enable command.

    • Ensure that the global status of the remote LAN is in disabled state. To disable the global status of the remote LAN, use the config remote-lan custom-web global disable command.

    • Ensure that the remote LAN is in disabled state. To disable a remote LAN, use the config remote-lan disable command.

  • When you configure the Web-Auth type for the remote LAN, do the following:

    • When you configure a customized login page, ensure that you have a login page configured. To configure a login page, use the config remote-lan custom-web login-page command.

    • When you configure an external login page, ensure that you have configured preauthentication ACL for external web authentication to function.
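The prerequisites above for ext-webauth-url can be turned into an ordered change plan. The following is an added example, not Cisco code: the function name, the state flags supplied by the caller, the choice of Web-Auth when neither security mode is on, and the argument form of config remote-lan disable (taken to mirror config remote-lan enable) are assumptions.

```python
from urllib.parse import urlsplit

# "Valid values are between 1 and 512" (from the syntax description).
REMOTE_LAN_IDS = range(1, 513)


def _check_id(remote_lan_id):
    """Accept only an integer remote LAN ID inside the documented range."""
    if isinstance(remote_lan_id, bool) or not isinstance(remote_lan_id, int):
        raise ValueError("remote LAN ID must be an integer")
    if remote_lan_id not in REMOTE_LAN_IDS:
        raise ValueError("remote LAN ID must be between 1 and 512")
    return remote_lan_id


def _check_url(url):
    """The URL is pasted into the CLI as a single token. Whitespace or control
    characters would add arguments or start a second command line, so reject
    them before the value gets anywhere near a controller session."""
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        raise ValueError("URL contains whitespace or control characters")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("URL must be http(s) with a host name")
    return url


def plan_ext_webauth_url(remote_lan_id, url, *, lan_enabled, global_enabled,
                         web_auth_enabled, web_passthrough_enabled):
    """Return the commands, in order, that satisfy the usage guidelines and
    then set the external web authentication URL.

    The four flags describe the current state of the remote LAN; collecting
    them from the controller is left to the caller (assumption)."""
    n = _check_id(remote_lan_id)
    url = _check_url(url)
    cmds = []
    if lan_enabled:                      # the remote LAN must be disabled
        cmds.append(f"config remote-lan disable {n}")
    if not (web_auth_enabled or web_passthrough_enabled):
        # One of the two must be on; this sketch picks Web-Auth (assumption).
        cmds.append(f"config remote-lan security web-auth enable {n}")
    if global_enabled:                   # the global status must be disabled
        cmds.append(f"config remote-lan custom-web global disable {n}")
    cmds.append(f"config remote-lan custom-web ext-webauth-url {url} {n}")
    if lan_enabled:                      # restore the original admin state
        cmds.append(f"config remote-lan enable {n}")
    return cmds


if __name__ == "__main__":
    # Constructed state: LAN 3 is up, uses the global page, no web security yet.
    for line in plan_ext_webauth_url(
            3, "http://www.AuthorizationURL.com/",
            lan_enabled=True, global_enabled=True,
            web_auth_enabled=False, web_passthrough_enabled=False):
        print("(Cisco Controller) >" + line)
```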

Examples

The following example shows how to configure an external web authentication URL for a remote LAN with ID 3:


(Cisco Controller) >config remote-lan custom-web ext-webauth-url http://www.AuthorizationURL.com/ 3

The following example shows how to enable the global status of a remote LAN with ID 3:


(Cisco Controller) >config remote-lan custom-web global enable 3

The following example shows how to configure the login page for a remote LAN with ID 3:


(Cisco Controller) >config remote-lan custom-web login-page custompage1 3

The following example shows how to configure a web authentication type with the default login page for a remote LAN with ID 3:


(Cisco Controller) >config remote-lan custom-web webauth-type internal 3

config remote-lan delete

To delete a remote LAN connection, use the config remote-lan delete command.

config remote-lan delete remote-lan-id

Syntax Description

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to delete a remote LAN with ID 3:

(Cisco Controller) >config remote-lan delete 3

config remote-lan dhcp_server

To configure a dynamic host configuration protocol (DHCP) server for a remote LAN, use the config remote-lan dhcp_server command.

config remote-lan dhcp_server remote-lan-id ip_address

Syntax Description

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

ip_address

IPv4 address of the override DHCP server.

Command Default

0.0.0.0 is set as the default interface value.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.
8.0 This command supports only IPv4 address format.

Examples

The following example shows how to configure a DHCP server for a remote LAN with ID 3:

(Cisco Controller) >config remote-lan dhcp_server 3 209.165.200.225

config remote-lan exclusionlist

To configure the exclusion list timeout on a remote LAN, use the config remote-lan exclusionlist command.

config remote-lan exclusionlist remote-lan-id { seconds | disabled | enabled}

Syntax Description

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

seconds

Exclusion list timeout in seconds. A value of 0 requires an administrator override.

disabled

Disables exclusion listing.

enabled

Enables exclusion listing.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure the exclusion list timeout to 20 seconds on a remote LAN with ID 3:

(Cisco Controller) >config remote-lan exclusionlist 3 20

config remote-lan interface

To configure an interface for a remote LAN, use the config remote-lan interface command.

config remote-lan interface remote-lan-id interface_name

Syntax Description

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

interface_name

Interface name.

Note 

Interface name should not be in upper case characters.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure an interface myinterface for a remote LAN with ID 3:

(Cisco Controller) >config remote-lan interface 3 myinterface

config remote-lan ldap

To configure a remote LAN’s LDAP servers, use the config remote-lan ldap command.

config remote-lan ldap { add | delete} remote-lan-id index

Syntax Description

add

Adds a link to a configured LDAP server (maximum of three).

delete

Deletes a link to a configured LDAP server.

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

index

LDAP server index.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to add an LDAP server with the index number 10 for a remote LAN with ID 3:


(Cisco Controller) >config remote-lan ldap add 3 10

config remote-lan mac-filtering

To configure MAC filtering on a remote LAN, use the config remote-lan mac-filtering command.

config remote-lan mac-filtering { enable | disable} remote-lan-id

Syntax Description

enable

Enables MAC filtering on a remote LAN.

disable

Disables MAC filtering on a remote LAN.

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

Command Default

MAC filtering on a remote LAN is enabled.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to disable MAC filtering on a remote LAN with ID 3:

(Cisco Controller) >config remote-lan mac-filtering disable 3

config remote-lan max-associated-clients

To configure the maximum number of client connections on a remote LAN, use the config remote-lan max-associated-clients command.

config remote-lan max-associated-clients remote-lan-id max-clients

Syntax Description

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

max-clients

Configures the maximum number of client connections on a remote LAN.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure 10 client connections on a remote LAN with ID 3:

(Cisco Controller) >config remote-lan max-associated-clients 3 10

config remote-lan radius_server

To configure the RADIUS servers on a remote LAN, use the config remote-lan radius_server command.

config remote-lan radius_server { acct {{ add | delete} server-index | { enable | disable} | interim-update { interval | enable | disable}} | auth {{ add | delete} server-index | { enable | disable } } | overwrite-interface { enable | disable} } remote-lan-id

Syntax Description

acct

Configures a RADIUS accounting server.

add

Adds a link to a configured RADIUS server.

delete

Deletes a link to a configured RADIUS server.

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

server-index

RADIUS server index.

enable

Enables RADIUS accounting for this remote LAN.

disable

Disables RADIUS accounting for this remote LAN.

interim-update

Configures the RADIUS accounting interim update for this remote LAN.

interval

Accounting interim interval. The range is from 180 to 3600 seconds.

enable

Enables accounting interim update.

disable

Disables accounting interim update.

auth

Configures a RADIUS authentication server.

enable

Enables RADIUS authentication for this remote LAN.

disable

Disables RADIUS authentication for this remote LAN.

overwrite-interface

Configures a RADIUS dynamic interface for the remote LAN.

enable

Enables a RADIUS dynamic interface for the remote LAN.

disable

Disables a RADIUS dynamic interface for the remote LAN.

Command Default

The interim update interval is set to 600 seconds.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable RADIUS accounting for a remote LAN with ID 3:

(Cisco Controller) >config remote-lan radius_server acct enable 3

config remote-lan security

To configure security policy for a remote LAN, use the config remote-lan security command.

config remote-lan security {{ web-auth { enable | disable | acl | server-precedence} remote-lan-id} | { web-passthrough { enable | disable | acl | email-input} remote-lan-id}}

Syntax Description

web-auth

Specifies web authentication.

enable

Enables the web authentication settings.

disable

Disables the web authentication settings.

acl

Configures an access control list.

server-precedence

Configures the authentication server precedence order for web authentication users.

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

email-input

Configures the web captive portal using an e-mail address.

web-passthrough

Specifies the web captive portal with no authentication required.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.
8.4 The 802.1X keyword was added.

Examples

The following example shows how to configure the security web authentication policy for remote LAN ID 1:

(Cisco Controller) >config remote-lan security web-auth enable 1

config remote-lan session-timeout

To configure client session timeout, use the config remote-lan session-timeout command.

config remote-lan session-timeout remote-lan-id seconds

Syntax Description

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

seconds

Timeout or session duration in seconds. A value of zero is equivalent to no timeout.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure the client session timeout to 6000 seconds for a remote LAN with ID 1:

(Cisco Controller) >config remote-lan session-timeout 1 6000

config remote-lan webauth-exclude

To configure web authentication exclusion on a remote LAN, use the config remote-lan webauth-exclude command.

config remote-lan webauth-exclude remote-lan-id { enable | disable}

Syntax Description

remote-lan-id

Remote LAN identifier. Valid values are between 1 and 512.

enable

Enables web authentication exclusion on the remote LAN.

disable

Disables web authentication exclusion on the remote LAN.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable web authentication exclusion on a remote LAN with ID 1:


(Cisco Controller) >config remote-lan webauth-exclude 1 enable

config rf-profile band-select

To configure the RF profile band selection parameters, use the config rf-profile band-select command.

config rf-profile band-select { client-rssi rssi | cycle-count cycles | cycle-threshold value | expire { dual-band value | suppression value} | probe-response { enable | disable}} profile_name

Syntax Description

client-rssi

Configures the client Received Signal Strength Indicator (RSSI) threshold for the RF profile.

rssi

Minimum RSSI for a client to respond to a probe. The range is from -20 to -90 dBm.

cycle-count

Configures the probe cycle count for the RF profile. The cycle count sets the number of suppression cycles for a new client.

cycles

Value of the cycle count. The range is from 1 to 10.

cycle-threshold

Configures the time threshold for a new scanning RF Profile band select cycle period. This setting determines the time threshold during which new probe requests from a client come in a new scanning cycle.

value

Value of the cycle threshold for the RF profile. The range is from 1 to 1000 milliseconds.

expire

Configures the expiration time of clients for band select.

dual-band

Configures the expiration time for pruning previously known dual-band clients. After this time elapses, clients become new and are subject to probe response suppression.

value

Value for a dual band. The range is from 10 to 300 seconds.

suppression

Configures the expiration time for pruning previously known 802.11b/g clients. After this time elapses, clients become new and are subject to probe response suppression.

value

Value for suppression. The range is from 10 to 200 seconds.

probe-response

Configures the probe response for a RF profile.

enable

Enables probe response suppression on clients operating in the 2.4-GHz band for a RF profile.

disable

Disables probe response suppression on clients operating in the 2.4-GHz band for a RF profile.

profile_name

Name of the RF profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.

Command Default

The default value for client RSSI is –80 dBm.

The default cycle count is 2.

The default cycle threshold is 200 milliseconds.

The default value for dual-band expiration is 60 seconds.

The default value for suppression expiration is 20 seconds.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When you enable band select on a WLAN, the access point suppresses client probes on 2.4-GHz and moves the dual-band clients to the 5-GHz spectrum. The band-selection algorithm directs dual-band clients only from the 2.4-GHz radio to the 5-GHz radio of the same access point, and it runs on an access point only when both the 2.4-GHz and 5-GHz radios are up and running. Band selection can be used only with Cisco Aironet 1040, 1140, and 1250 Series and the 3500 series access points.

Examples

The following example shows how to configure the client RSSI:

(Cisco Controller) >config rf-profile band-select client-rssi -70

config rf-profile client-trap-threshold

To configure the threshold value of the number of clients that associate with an access point, after which an SNMP trap is sent to the controller, use the config rf-profile client-trap-threshold command.

config rf-profile client-trap-threshold threshold profile_name

Syntax Description

threshold

Threshold value of the number of clients that associate with an access point, after which an SNMP trap is sent to the controller. The range is from 0 to 200. Traps are disabled if the threshold value is configured as zero.

profile_name

Name of the RF profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure the threshold value of the number of clients that associate with an access point:

(Cisco Controller) >config rf-profile client-trap-threshold 150

config rf-profile create

To create a RF profile, use the config rf-profile create command.

config rf-profile create { 802.11a | 802.11b/g} profile-name

Syntax Description

802.11a

Configures the RF profile for the 5GHz band.

802.11b/g

Configures the RF profile for the 2.4GHz band.

profile-name

Name of the RF profile.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to create a new RF profile:

(Cisco Controller) >config rf-profile create 802.11a RFtestgroup1

config rf-profile fra client-aware

To configure the RF profile client-aware FRA feature, use the config rf-profile fra client-aware command.

config rf-profile fra client-aware { client-reset percent rf-profile-name | client-select percent rf-profile-name | disable rf-profile-name | enable rf-profile-name}

Syntax Description

client-reset

Configures the RF profile AP utilization threshold for radio to switch back to Monitor mode.

percent

Utilization percentage value ranges from 0 to 100. The default is 5%.

rf-profile-name

Name of the RF Profile.

client-select

Configures the RF profile utilization threshold for radio to switch to 5GHz.

percent

Utilization percentage value ranges from 0 to 100. The default is 50%.

disable

Disables the RF profile client-aware FRA feature.

enable

Enables the RF profile client-aware FRA feature.

Command Default

The default percent value for client-select and client-reset is 50% and 5% respectively.

Command History

Release Modification
8.5 This command was introduced.

Examples

The following example shows how to configure the RF profile utilization threshold for redundant dual-band radios to switch back from 5GHz client-serving role to Monitor mode:

(Cisco Controller) >config rf-profile fra client-aware client-reset 15 profile1

The following example shows how to configure the RF profile utilization threshold for redundant dual-band radios to switch from Monitor mode to 5GHz client-serving role:

(Cisco Controller) >config rf-profile fra client-aware client-select 20 profile1

The following example shows how to disable the RF profile client-aware FRA feature:

(Cisco Controller) >config rf-profile fra client-aware disable profile1

The following example shows how to enable the RF profile client-aware FRA feature:

(Cisco Controller) >config rf-profile fra client-aware enable profile1

config rf-profile data-rates

To configure the data rate on a RF profile, use the config rf-profile data-rates command.

config rf-profile data-rates { 802.11a | 802.11b } { disabled | mandatory | supported} data-rate profile-name

Syntax Description

802.11a

Specifies 802.11a as the radio policy of the RF profile.

802.11b

Specifies 802.11b as the radio policy of the RF profile.

disabled

Disables a rate.

mandatory

Sets a rate to mandatory.

supported

Sets a rate to supported.

data-rate

802.11 operational rates, which are 1*, 2*, 5.5*, 6, 9, 11*, 12, 18, 24, 36, 48 and 54, where * denotes 802.11b only rates.

profile-name

Name of the RF profile.

Command Default

Default data rates for RF profiles are derived from the controller system defaults, the global data rate configurations. For example, if the RF profile's radio policy is mapped to 802.11a then the global 802.11a data rates are copied into the RF profiles at the time of creation.

The data rates set with this command are negotiated between the client and the Cisco wireless LAN controller. If the data rate is set to mandatory, the client must support it in order to use the network. If a data rate is set as supported by the Cisco wireless LAN controller, any associated client that also supports that rate may communicate with the Cisco lightweight access point using that rate. It is not required that a client is able to use all the rates marked supported in order to associate.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to set the 802.11b transmission of an RF profile at a mandatory rate at 12 Mbps:

(Cisco Controller) >config rf-profile data-rates 802.11b mandatory 12 RFGroup1

config rf-profile delete

To delete a RF profile, use the config rf-profile delete command.

config rf-profile delete profile-name

Syntax Description

profile-name

Name of the RF profile.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to delete a RF profile:


(Cisco Controller) >config rf-profile delete RFGroup1 

config rf-profile description

To provide a description to a RF profile, use the config rf-profile description command.

config rf-profile description description profile-name

Syntax Description

description

Description of the RF profile.

profile-name

Name of the RF profile.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to add a description to a RF profile:

(Cisco Controller) >config rf-profile description This is a demo description RFGroup1

config rf-profile load-balancing

To configure load balancing on an RF profile, use the config rf-profile load-balancing command.

config rf-profile load-balancing { window clients | denial value} profile_name

Syntax Description

window

Configures the client window for load balancing of an RF profile.

clients

Client window size that limits the number of client associations with an access point. The range is from 0 to 20. The default value is 5.

The window size is part of the algorithm that determines whether an access point is too heavily loaded to accept more client associations:

load-balancing window + client associations on AP with lightest load = load-balancing threshold

Access points with more client associations than this threshold are considered busy, and clients can associate only to access points with client counts lower than the threshold. This window also helps to disassociate sticky clients.

denial

Configures the client denial count for load balancing of an RF profile.

value

Maximum number of association denials during load balancing. The range is from 1 to 10. The default value is 3.

When a client tries to associate on a wireless network, it sends an association request to the access point. If the access point is overloaded and load balancing is enabled on the controller, the access point sends a denial to the association request. If there are no other access points in the range of the client, the client tries to associate with the same access point again. After the maximum denial count is reached, the client is able to associate. The association attempts that a client makes on an access point before it associates with any AP are called a sequence of association. The default is 3.

profile_name

Name of the RF profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure the client window size for an RF profile:

(Cisco Controller) >config rf-profile load-balancing window 15
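The window and denial parameters described above interact as follows. This is an added model, not controller code: the class and method names are hypothetical, the AP client counts are constructed, and the sketch assumes that an AP exactly at the threshold is not busy and that the attempt after the last allowed denial is accepted.

```python
from dataclasses import dataclass


@dataclass
class AccessPoint:
    name: str
    clients: int  # current client associations


class LoadBalancer:
    """Toy model of the per-RF-profile load-balancing decision."""

    def __init__(self, aps, window=5, max_denials=3):
        # Ranges and defaults as documented for the window and denial values.
        if not 0 <= window <= 20:
            raise ValueError("window must be in the range 0 to 20")
        if not 1 <= max_denials <= 10:
            raise ValueError("denial count must be in the range 1 to 10")
        self.aps = {ap.name: ap for ap in aps}
        self.window = window
        self.max_denials = max_denials
        self.denials = {}  # client -> denials in the current sequence

    def threshold(self):
        # load-balancing window + client associations on AP with lightest load
        return self.window + min(ap.clients for ap in self.aps.values())

    def is_busy(self, ap_name):
        # "more client associations than this threshold" means busy
        return self.aps[ap_name].clients > self.threshold()

    def request(self, client, ap_name):
        """Handle one association request; return 'denied' or 'associated'."""
        seen = self.denials.get(client, 0)
        if self.is_busy(ap_name) and seen < self.max_denials:
            self.denials[client] = seen + 1
            return "denied"
        # The AP is not busy, or the client has used up the denial count.
        self.aps[ap_name].clients += 1
        self.denials.pop(client, None)  # the sequence of association ends
        return "associated"


def demo():
    """Constructed scenario: three APs, default window 5 and denial count 3."""
    lb = LoadBalancer([AccessPoint("AP-A", 12),
                       AccessPoint("AP-B", 3),
                       AccessPoint("AP-C", 9)])
    log = [("threshold", lb.threshold())]  # 5 + 3 = 8
    # A client that can hear only the busy AP-A keeps retrying it.
    log += [("client-x -> AP-A", lb.request("client-x", "AP-A"))
            for _ in range(4)]
    # A client near the lightly loaded AP-B is accepted at once.
    log.append(("client-y -> AP-B", lb.request("client-y", "AP-B")))
    log.append(("threshold", lb.threshold()))  # lightest load is now 4
    return log


if __name__ == "__main__":
    for event, result in demo():
        print(f"{event}: {result}")
```

Because the threshold follows the lightest-loaded AP, one new client on AP-B raises it from 8 to 9, which moves AP-C (9 clients) out of the busy state.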

config rf-profile max-clients

To configure the maximum number of client connections per access point of an RF profile, use the config rf-profile max-clients command.

config rf-profile max-clients clients

Syntax Description

clients

Maximum number of client connections per access point of an RF profile. The range is from 1 to 200.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You can use this command to configure the maximum number of clients on access points that are in client dense areas, or serving high bandwidth video or mission critical voice applications.

Examples

The following example shows how to set the maximum number of clients at 50:

(Cisco Controller) >config rf-profile max-clients 50

config rf-profile multicast data-rate

To configure the minimum RF profile multicast data rate, use the config rf-profile multicast data-rate command.

config rf-profile multicast data-rate value profile_name

Syntax Description

value

Minimum RF profile multicast data rate. The options are 6, 9, 12, 18, 24, 36, 48, 54. Enter 0 to specify that access points will dynamically adjust the data rate.

profile_name

Name of the RF profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.

Command Default

The minimum RF profile multicast data rate is 0.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to set the multicast data rate for an RF profile:

(Cisco Controller) >config rf-profile multicast data-rate 24

config rf-profile out-of-box

To create an out-of-box AP group consisting of newly installed access points, use the config rf-profile out-of-box command.

config rf-profile out-of-box { enable | disable}

Syntax Description

enable

Enables the creation of an out-of-box AP group. When you enable this command, the following occurs:

  • Newly installed access points that are part of the default AP group will be part of the out-of-box AP group and their radios will be switched off, which eliminates any RF instability caused by the new access points.

  • All access points that do not have a group name become part of the out-of-box AP group.

  • Special RF profiles are created per 802.11 band. These RF profiles have default-settings for all the existing RF parameters and additional new configurations.

disable

Disables the out-of-box AP group. When you disable this feature, only the subscription of new APs to the out-of-box AP group stops. All APs that are subscribed to the out-of-box AP group remain in this AP group. You can move APs to the default group or a custom AP group upon network convergence.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When an out-of-box AP associates with the controller for the first time, it will be redirected to a special AP group and the RF profiles applicable to this AP Group will control the radio admin state configuration of the AP. You can move APs to the default group or a custom group upon network convergence.

Examples

The following example shows how to enable the creation of an out-of-box AP group:

(Cisco Controller) >config rf-profile out-of-box enable

config rf-profile tx-power-control-thresh-v1

To configure Transmit Power Control version 1 (TPCv1) to an RF profile, use the config rf-profile tx-power-control-thresh-v1 command.

config rf-profile tx-power-control-thresh-v1 tpc-threshold profile-name

Syntax Description

tpc-threshold

TPC threshold.

profile-name

Name of the RF profile.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure TPCv1 on an RF profile:

(Cisco Controller) >config rf-profile tx-power-control-thresh-v1 RFGroup1 

config rf-profile tx-power-control-thresh-v2

To configure Transmit Power Control version 2 (TPCv2) to an RF profile, use the config rf-profile tx-power-control-thresh-v2 command.

config rf-profile tx-power-control-thresh-v2 tpc-threshold profile-name

Syntax Description

tpc-threshold

TPC threshold.

profile-name

Name of the RF profile.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure TPCv2 on an RF profile:

(Cisco Controller) >config rf-profile tx-power-control-thresh-v2 RFGroup1 

config rf-profile tx-power-max

To configure maximum auto-rf to an RF profile, use the config rf-profile tx-power-max command.

config rf-profile tx-power-max tx-power-max profile-name

Syntax Description

tx-power-max

Maximum auto-rf tx power.

profile-name

Name of the RF profile.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure tx-power-max on an RF profile:

(Cisco Controller) >config rf-profile tx-power-max RFGroup1 

config rf-profile tx-power-min

To configure minimum auto-rf to an RF profile, use the config rf-profile tx-power-min command.

config rf-profile tx-power-min tx-power-min profile-name

Syntax Description

tx-power-min

Minimum auto-rf tx power.

profile-name

Name of the RF profile.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure tx-power-min on an RF profile:


(Cisco Controller) >config rf-profile tx-power-min RFGroup1 

config watchlist add

To add a watchlist entry for a wireless LAN, use the config watchlist add command.

config watchlist add { mac MAC | username username}

Syntax Description

mac MAC

Specifies the MAC address of the wireless LAN.

username username

Specifies the name of the user to watch.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to add a watchlist entry for the MAC address a5:6b:ac:10:01:6b:


(Cisco Controller) >config watchlist add mac a5:6b:ac:10:01:6b

config watchlist delete

To delete a watchlist entry for a wireless LAN, use the config watchlist delete command.

config watchlist delete { mac MAC | username username}

Syntax Description

mac MAC

Specifies the MAC address of the wireless LAN to delete from the list.

username username

Specifies the name of the user to delete from the list.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to delete a watchlist entry for the MAC address a5:6b:ac:10:01:6b:


(Cisco Controller) >config watchlist delete mac a5:6b:ac:10:01:6b

config watchlist disable

To disable the client watchlist, use the config watchlist disable command.

config watchlist disable

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to disable the client watchlist:


(Cisco Controller) >config watchlist disable

config watchlist enable

To enable a watchlist entry for a wireless LAN, use the config watchlist enable command.

config watchlist enable

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable a watchlist entry:


(Cisco Controller) >config watchlist enable

config wlan

To create, delete, enable, or disable a wireless LAN, use the config wlan command.

config wlan { enable | disable | create | delete} wlan_id [ name | foreignAp name ssid | all]

Syntax Description

enable

Enables a wireless LAN.

disable

Disables a wireless LAN.

create

Creates a wireless LAN.

delete

Deletes a wireless LAN.

wlan_id

Wireless LAN identifier between 1 and 512.

name

(Optional) WLAN profile name up to 32 alphanumeric characters.

foreignAp

(Optional) Specifies the third-party access point settings.

ssid

SSID (network name) up to 32 alphanumeric characters.

all

(Optional) Specifies all wireless LANs.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When you create a new WLAN using the config wlan create command, it is created in disabled mode. Leave it disabled until you have finished configuring it.

If you do not specify an SSID, the profile name parameter is used for both the profile name and the SSID.

If the management and AP-manager interfaces are mapped to the same port and are members of the same VLAN, you must disable the WLAN before making a port-mapping change to either interface. If the management and AP-manager interfaces are assigned to different VLANs, you do not need to disable the WLAN.

An error message appears if you try to delete a WLAN that is assigned to an access point group. If you proceed, the WLAN is removed from the access point group and from the access point’s radio.

Examples

The following example shows how to enable wireless LAN identifier 16:

(Cisco Controller) >config wlan enable 16
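
The usage guideline above (a new WLAN starts disabled and should stay disabled until it is configured) can be checked mechanically before a change script is pasted into a controller. The following linter is an added example, not Cisco code; the argument positions and numeric ranges are copied from the syntax lines on this page, and the script contents, the function names, and the reading that an SSID would follow the profile name in config wlan create are assumptions.

```python
# Syntax facts copied from this page: tokens after "config wlan" ->
# (index of wlan_id in the token list, optional ranged argument).
# Index -1 means "last token". Only a subset of commands is modelled.
SPECS = {
    ("create",): (3, None),
    ("enable",): (3, None),
    ("disable",): (3, None),
    ("delete",): (3, None),
    ("acl",): (3, None),
    ("exclusionlist",): (3, None),
    ("aaa-override",): (4, None),
    ("broadcast-ssid",): (4, None),
    ("dtim",): (5, (4, 1, 255, "dtim")),
    ("channel-scan", "defer-time"): (5, (4, 0, 60000, "msecs")),
    ("channel-scan", "defer-priority"): (-1, (4, 0, 7, "priority")),
}
WLAN_ID_RANGE = (1, 512)


def tokens_of(line):
    """Drop an optional '(Cisco Controller) >' prompt and split into tokens."""
    line = line.strip()
    if line.startswith("(") and ">" in line:
        line = line.split(">", 1)[1]
    return line.split()


def lint_wlan_script(lines):
    """Return (line_number, message) findings for a list of CLI lines."""
    findings = []
    created = {}  # wlan_id -> True while enabled, False while disabled
    for number, line in enumerate(lines, 1):
        tok = tokens_of(line)
        if tok[:2] != ["config", "wlan"]:
            continue
        key = tuple(tok[2:4]) if tuple(tok[2:4]) in SPECS else tuple(tok[2:3])
        if key not in SPECS:
            continue  # command not modelled in this example
        id_index, ranged = SPECS[key]
        try:
            wlan_id = int(tok[id_index])
        except (IndexError, ValueError):
            continue  # foreignAp or a missing argument: nothing to track
        low, high = WLAN_ID_RANGE
        if not low <= wlan_id <= high:
            findings.append((number, f"wlan_id {wlan_id} is outside {low}-{high}"))
            continue
        if ranged:
            arg_index, lo, hi, label = ranged
            try:
                value = int(tok[arg_index])
            except (IndexError, ValueError):
                value = None
            if value is None or not lo <= value <= hi:
                findings.append((number, f"{label} must be {lo}-{hi}"))
        name = " ".join(key)
        if name == "create":
            created[wlan_id] = False  # a new WLAN starts disabled
            if len(tok) == 5:  # assumption: an SSID would follow the profile name
                findings.append((number, f"WLAN {wlan_id}: no SSID given, "
                                         f"profile name {tok[4]} is also the SSID"))
        elif name == "enable":
            if wlan_id in created:
                created[wlan_id] = True
        elif name == "disable":
            if wlan_id in created:
                created[wlan_id] = False
        elif name == "delete":
            created.pop(wlan_id, None)
        elif created.get(wlan_id):
            # Only WLANs created in this script are tracked; for others the
            # starting state is unknown, so nothing is reported.
            findings.append((number, f"WLAN {wlan_id}: {name} issued after "
                                     "enable; finish configuring while disabled"))
    return findings


# Constructed change script (not captured from a controller).
SAMPLE_SCRIPT = [
    "config wlan create 16 corp-profile",            # 1: no SSID given
    "config wlan broadcast-ssid disable 16",         # 2: fine, still disabled
    "config wlan channel-scan defer-time 90000 16",  # 3: msecs above 60000
    "(Cisco Controller) >config wlan enable 16",     # 4
    "config wlan aaa-override enable 16",            # 5: changed after enable
    "config wlan disable 16",                        # 6
    "config wlan exclusionlist 16 enabled",          # 7: fine, disabled again
    "config wlan enable 16",                         # 8
    "config wlan acl 16 office_1",                   # 9: changed after enable
    "config wlan create 600 lab lab-ssid",           # 10: wlan_id above 512
    "config wlan acl 1 office_1",                    # 11: WLAN 1 not created here
]

if __name__ == "__main__":
    for number, message in lint_wlan_script(SAMPLE_SCRIPT):
        print(f"line {number}: {message}")
```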

config wlan 7920-support

To configure support for phones, use the config wlan 7920-support command.

config wlan 7920-support { client-cac-limit | ap-cac-limit} { enable | disable} wlan_id

Syntax Description

ap-cac-limit

Supports phones that require client-controlled Call Admission Control (CAC) that expect the Cisco vendor-specific information element (IE).

client-cac-limit

Supports phones that require access point-controlled CAC that expect the IEEE 802.11e Draft 6 QBSS-load.

enable

Enables phone support.

disable

Disables phone support.

wlan_id

Wireless LAN identifier between 1 and 512.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You cannot enable both WMM mode and client-controlled CAC mode on the same WLAN.

Examples

The following example shows how to enable the phone support that requires client-controlled CAC with wireless LAN ID 8:

(Cisco Controller) >config wlan 7920-support ap-cac-limit enable 8

config wlan 802.11e

To configure 802.11e support on a wireless LAN, use the config wlan 802.11e command.

config wlan 802.11e { allow | disable | require} wlan_id

Syntax Description

allow

Allows 802.11e-enabled clients on the wireless LAN.

disable

Disables 802.11e on the wireless LAN.

require

Requires 802.11e-enabled clients on the wireless LAN.

wlan_id

Wireless LAN identifier between 1 and 512.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

802.11e provides quality of service (QoS) support for LAN applications, which is critical for delay-sensitive applications such as Voice over Wireless IP (VoWIP).

802.11e enhances the 802.11 Media Access Control layer (MAC layer) with a coordinated time division multiple access (TDMA) construct, and adds error-correcting mechanisms for delay-sensitive applications such as voice and video. The 802.11e specification provides seamless interoperability and is especially well suited for use in networks that include a multimedia capability.

Examples

The following example shows how to allow 802.11e on the wireless LAN with LAN ID 1:

(Cisco Controller) >config wlan 802.11e allow 1

config wlan aaa-override

To configure a user policy override via AAA on a wireless LAN, use the config wlan aaa-override command.

config wlan aaa-override { enable | disable} { wlan_id | foreignAp}

Syntax Description

enable

Enables a policy override.

disable

Disables a policy override.

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

Command Default

AAA is disabled.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When AAA override is enabled and a client has conflicting AAA and Cisco wireless LAN controller wireless LAN authentication parameters, client authentication is performed by the AAA server. As part of this authentication, the operating system will move clients from the default Cisco wireless LAN VLAN to a VLAN returned by the AAA server and predefined in the controller interface configuration (only when configured for MAC filtering, 802.1X, and/or WPA operation). In all cases, the operating system will also use QoS, DSCP, 802.1p priority tag values, and ACLs provided by the AAA server, as long as they are predefined in the controller interface configuration. (This VLAN switching by AAA override is also referred to as Identity Networking.)

If the corporate wireless LAN uses a management interface assigned to VLAN 2, and if AAA override returns a redirect to VLAN 100, the operating system redirects all client transmissions to VLAN 100, regardless of the physical port to which VLAN 100 is assigned.

When AAA override is disabled, all client authentication defaults to the controller authentication parameter settings, and authentication is performed by the AAA server if the controller wireless LAN does not contain any client-specific authentication parameters.

The AAA override values might come from a RADIUS server.

Examples

The following example shows how to configure user policy override via AAA on WLAN ID 1:


(Cisco Controller) >config wlan aaa-override enable 1
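
The conditions in the usage guidelines above (the returned VLAN is applied only on WLANs configured for MAC filtering, 802.1X, or WPA, and VLANs and ACLs must be predefined on the controller) lend themselves to a pre-deployment audit of what the AAA server can return. The following is an added example, not Cisco code; the data model, the profile names, the security labels, and the issue codes are assumptions, and the sample inventory is constructed.

```python
# Layer 2 security settings under which, per the text above, the controller
# moves a client to the VLAN returned by the AAA server.
VLAN_OVERRIDE_SECURITY = {"mac-filtering", "802.1x", "wpa"}


def audit_aaa_override(wlans, controller, profiles):
    """Report AAA-returned attributes the controller is not set up to apply.

    wlans:      {wlan_id: {"aaa_override": bool, "security": set of str}}
    controller: {"interface_vlans": set of int, "acls": set of str}
    profiles:   list of {"name", "wlan_ids", optional "vlan", optional "acl"}
    Returns a sorted list of (profile_name, wlan_id, issue_code).
    """
    issues = []
    for profile in profiles:
        name = profile["name"]
        for wlan_id in profile["wlan_ids"]:
            wlan = wlans[wlan_id]
            if not wlan["aaa_override"]:
                # With override disabled the controller's own settings apply.
                issues.append((name, wlan_id, "override-disabled"))
                continue
            vlan = profile.get("vlan")
            if vlan is not None:
                if not wlan["security"] & VLAN_OVERRIDE_SECURITY:
                    issues.append((name, wlan_id, "vlan-needs-l2-auth"))
                if vlan not in controller["interface_vlans"]:
                    issues.append((name, wlan_id, "vlan-not-predefined"))
            acl = profile.get("acl")
            if acl is not None and acl not in controller["acls"]:
                issues.append((name, wlan_id, "acl-not-predefined"))
    return sorted(issues)


# Constructed inventory: VLAN 2 and VLAN 100 echo the scenario in the text,
# office_1 is the ACL name used elsewhere on this page, the rest is made up.
SAMPLE_WLANS = {
    1: {"aaa_override": True, "security": {"wpa", "802.1x"}},
    2: {"aaa_override": True, "security": {"web-auth"}},
    3: {"aaa_override": False, "security": {"wpa"}},
}
SAMPLE_CONTROLLER = {"interface_vlans": {2, 100}, "acls": {"office_1"}}
SAMPLE_PROFILES = [
    {"name": "employees", "wlan_ids": [1], "vlan": 100, "acl": "office_1"},
    {"name": "contractors", "wlan_ids": [1, 3], "vlan": 300, "acl": "office_1"},
    {"name": "guests", "wlan_ids": [2], "vlan": 100, "acl": "guest_acl"},
]

if __name__ == "__main__":
    for issue in audit_aaa_override(SAMPLE_WLANS, SAMPLE_CONTROLLER, SAMPLE_PROFILES):
        print(issue)
```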

config wlan acl

To configure a wireless LAN access control list (ACL), use the config wlan acl command.

config wlan acl wlan_id [ acl_name | none]

Syntax Description

wlan_id

Wireless LAN identifier (1 to 512).

acl_name

(Optional) ACL name.

none

(Optional) Clears the ACL settings for the specified wireless LAN.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure a WLAN access control list with WLAN ID 1 and ACL named office_1:

(Cisco Controller) >config wlan acl 1 office_1

config wlan assisted-roaming

To configure assisted roaming on a WLAN, use the config wlan assisted-roaming command.

config wlan assisted-roaming { neighbor-list | dual-list | prediction} { enable | disable} wlan_id

Syntax Description

neighbor-list

Configures an 802.11k neighbor list for a WLAN.

dual-list

Configures a dual band 802.11k neighbor list for a WLAN. The default is the band that the client is currently associated with.

prediction

Configures an assisted roaming optimization prediction for a WLAN.

enable

Enables the configuration on the WLAN.

disable

Disables the configuration on the WLAN.

wlan_id

Wireless LAN identifier between 1 and 512 (inclusive).

Command Default

The 802.11k neighbor list is enabled for all WLANs.

By default, dual band list is enabled if the neighbor list feature is enabled for the WLAN.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When you enable the assisted roaming prediction list, a warning appears and load balancing is disabled for the WLAN, if load balancing is already enabled on the WLAN.

Examples

The following example shows how to enable an 802.11k neighbor list for a WLAN:

(Cisco Controller) >config wlan assisted-roaming neighbor-list enable 1

config wlan avc

To configure Application Visibility and Control (AVC) on a WLAN, use the config wlan avc command.

config wlan avc wlan_id { profile profile_name | visibility} { enable | disable}

Syntax Description

wlan_id

Wireless LAN identifier from 1 to 512.

profile

Associates or removes an AVC profile from a WLAN.

profile_name

Name of the AVC profile. The profile name can be up to 32 case-sensitive, alphanumeric characters.

visibility

Configures application visibility on a WLAN.

enable

Enables application visibility on a WLAN. You can view the classification of applications based on the Network Based Application Recognition (NBAR) deep packet inspection technology.

Use the show avc statistics client command to view the client AVC statistics.

disable

Disables application visibility on a WLAN.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You can configure only one AVC profile per WLAN and each AVC profile can have up to 32 rules. Each rule states a Mark or Drop action for an application, which allows you to configure up to 32 application actions per WLAN. You can configure up to 16 AVC profiles on a controller and associate an AVC profile with multiple WLANs.

Examples

The following example shows how to associate an AVC profile with a WLAN:

(Cisco Controller) >config wlan avc 5 profile profile1 enable

config wlan apgroup

To manage access point group VLAN features, use the config wlan apgroup command.

config wlan apgroup { add apgroup_name [ description] |
 delete apgroup_name |
 description apgroup_name description |
 interface-mapping { add | delete} apgroup_name wlan_id interface_name |
 nac-snmp { enable | disable} apgroup_name wlan_id |
 nasid NAS-ID apgroup_name |
 profile-mapping { add | delete} apgroup_name profile_name |
 wlan-radio-policy apgroup_name wlan-id { 802.11a-only | 802.11bg | 802.11g-only | all} |
 hotspot { venue { type apgroup_name group_code type_code | name apgroup_name language_code venue_name } | operating-class { add | delete} apgroup_name operating_class_value}}

Syntax Description

add

Creates a new access point group (AP group).

apgroup_name

Access point group name.

wlan_id

Wireless LAN identifier from 1 to 512.

delete

Removes a wireless LAN from an AP group.

description

Describes an AP group.

description

Description of the AP group.

interface-mapping

(Optional) Assigns or removes a Wireless LAN from an AP group.

interface_name

(Optional) Interface to which you want to map an AP group.

nac-snmp

Configures NAC SNMP functionality on given AP group. Enables or disables Network Admission Control (NAC) out-of-band support on an access point group.

enable

Enables NAC out-of-band support on an AP group.

disable

Disables NAC out-of-band support on an AP group.

NAS-ID

Network Access Server identifier (NAS-ID) for the AP group. The NAS-ID is sent to the RADIUS server by the controller (as a RADIUS client) using the authentication request, which is used to classify users to different groups. You can enter up to 32 alphanumeric characters. Beginning in Release 7.4 and later releases, you can configure the NAS-ID on the interface, WLAN, or an access point group. The order of priority is AP group NAS-ID > WLAN NAS-ID > Interface NAS-ID.

none

Configures the controller system name as the NAS-ID.

profile-mapping

Configures RF profile mapping on an AP group.

profile_name

RF profile name for a specified AP group.

wlan-radio-policy

Configures WLAN radio policy on an AP group.

802.11a-only

Configures WLAN radio policy on an AP group.

802.11bg

Configures WLAN radio policy on an AP group.

802.11g-only

Configures WLAN radio policy on an AP group.

all

Configures WLAN radio policy on an AP group.

hotspot

Configures a HotSpot on an AP group.

venue

Configures venue information for an AP group.

type

Configures the type of venue for an AP group.

group_code

Venue group information for an AP group.

The following options are available:
  • 0 : UNSPECIFIED

  • 1 : ASSEMBLY

  • 2 : BUSINESS

  • 3 : EDUCATIONAL

  • 4 : FACTORY-INDUSTRIAL

  • 5 : INSTITUTIONAL

  • 6 : MERCANTILE

  • 7 : RESIDENTIAL

  • 8 : STORAGE

  • 9 : UTILITY-MISC

  • 10 : VEHICULAR

  • 11 : OUTDOOR

type_code

Venue type information for an AP group.

For venue group 1 (ASSEMBLY), the following options are available:
  • 0 : UNSPECIFIED ASSEMBLY

  • 1 : ARENA

  • 2 : STADIUM

  • 3 : PASSENGER TERMINAL

  • 4 : AMPHITHEATER

  • 5 : AMUSEMENT PARK

  • 6 : PLACE OF WORSHIP

  • 7 : CONVENTION CENTER

  • 8 : LIBRARY

  • 9 : MUSEUM

  • 10 : RESTAURANT

  • 11 : THEATER

  • 12 : BAR

  • 13 : COFFEE SHOP

  • 14 : ZOO OR AQUARIUM

  • 15 : EMERGENCY COORDINATION CENTER

For venue group 2 (BUSINESS), the following options are available:
  • 0 : UNSPECIFIED BUSINESS

  • 1 : DOCTOR OR DENTIST OFFICE

  • 2 : BANK

  • 3 : FIRE STATION

  • 4 : POLICE STATION

  • 6 : POST OFFICE

  • 7 : PROFESSIONAL OFFICE

  • 8 : RESEARCH AND DEVELOPMENT FACILITY

  • 9 : ATTORNEY OFFICE

For venue group 3 (EDUCATIONAL), the following options are available:
  • 0 : UNSPECIFIED EDUCATIONAL

  • 1 : PRIMARY SCHOOL

  • 2 : SECONDARY SCHOOL

  • 3 : UNIVERSITY OR COLLEGE

For venue group 4 (FACTORY-INDUSTRIAL), the following options are available:
  • 0 : UNSPECIFIED FACTORY AND INDUSTRIAL

  • 1 : FACTORY

For venue group 5 (INSTITUTIONAL), the following options are available:
  • 0 : UNSPECIFIED INSTITUTIONAL

  • 1 : HOSPITAL

  • 2 : LONG-TERM CARE FACILITY

  • 3 : ALCOHOL AND DRUG RE-HABILITATION CENTER

  • 4 : GROUP HOME

  • 5 : PRISON OR JAIL

For venue group 6 (MERCANTILE), the following options are available:
  • 0 : UNSPECIFIED MERCANTILE

  • 1 : RETAIL STORE

  • 2 : GROCERY MARKET

  • 3 : AUTOMOTIVE SERVICE STATION

  • 4 : SHOPPING MALL

  • 5 : GAS STATION

For venue group 7 (RESIDENTIAL), the following options are available:
  • 0 : UNSPECIFIED RESIDENTIAL

  • 1 : PRIVATE RESIDENCE

  • 2 : HOTEL OR MOTEL

  • 3 : DORMITORY

  • 4 : BOARDING HOUSE

For venue group 8 (STORAGE), the following options are available:
  • 0 : UNSPECIFIED STORAGE

For venue group 9 (UTILITY-MISC), the following options are available:
  • 0 : UNSPECIFIED UTILITY AND MISCELLANEOUS

For venue group 10 (VEHICULAR), the following options are available:
  • 0 : UNSPECIFIED VEHICULAR

  • 1 : AUTOMOBILE OR TRUCK

  • 2 : AIRPLANE

  • 3 : BUS

  • 4 : FERRY

  • 5 : SHIP OR BOAT

  • 6 : TRAIN

  • 7 : MOTOR BIKE

For venue group 11 (OUTDOOR), the following options are available:
  • 0 : UNSPECIFIED OUTDOOR

  • 1 : MINI-MESH NETWORK

  • 2 : CITY PARK

  • 3 : REST AREA

  • 4 : TRAFFIC CONTROL

  • 5 : BUS STOP

  • 6 : KIOSK

name

Configures the name of venue for an AP group.

language_code

An ISO-639 encoded string defining the language used at the venue. This string is a three character language code. For example, you can enter ENG for English.

venue_name

Venue name for this AP group. This name is associated with the basic service set (BSS) and is used in cases where the SSID does not provide enough information about the venue. The venue name is case-sensitive and can be up to 252 alphanumeric characters.

add

Adds an operating class for an AP group.

delete

Deletes an operating class for an AP group.

operating_class_value

Operating class for an AP group. The available operating classes are 81, 83, 84, 112, 113, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127.

Command Default

AP Group VLAN is disabled.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

An error message appears if you try to delete an access point group that is used by at least one access point. Before you can delete an AP group in controller software release 6.0, move all APs in this group to another group. The access points are not moved to the default-group access point group as in previous releases. To see the APs, enter the show wlan apgroups command. To move APs, enter the config ap group-name groupname cisco_ap command.

The NAS-ID configured on the controller for AP group or WLAN or interface is used for authentication. The NAS-ID is not propagated across controllers.

Examples

The following example shows how to enable the NAC out-of-band support on access point group 4:

(Cisco Controller) >config wlan apgroup nac enable apgroup 4

config wlan band-select allow

To configure band selection on a WLAN, use the config wlan band-select allow command.

config wlan band-select allow { enable | disable} wlan_id

Syntax Description

enable

Enables band selection on a WLAN.

disable

Disables band selection on a WLAN.

wlan_id

Wireless LAN identifier between 1 and 512.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

When you enable band select on a WLAN, the access point suppresses client probes on 2.4 GHz and moves the dual-band clients to the 5-GHz spectrum. The band-selection algorithm directs dual-band clients only from the 2.4-GHz radio to the 5-GHz radio of the same access point, and it runs on an access point only when both the 2.4-GHz and 5-GHz radios are up and running. Band selection can be used only with Cisco Aironet 1040, 1140, and 1250 Series and the 3500 series access points.

Examples

The following example shows how to enable band selection on a WLAN:

(Cisco Controller) >config wlan band-select allow enable 6

config wlan broadcast-ssid

To configure a Service Set Identifier (SSID) broadcast on a wireless LAN, use the config wlan broadcast-ssid command.

config wlan broadcast-ssid { enable | disable} wlan_id

Syntax Description

enable

Enables SSID broadcasts on a wireless LAN.

disable

Disables SSID broadcasts on a wireless LAN.

wlan_id

Wireless LAN identifier between 1 and 512.

Command Default

Broadcasting of SSID is disabled.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure an SSID broadcast on wireless LAN ID 1:

(Cisco Controller) >config wlan broadcast-ssid enable 1

config wlan call-snoop

To enable or disable Voice-over-IP (VoIP) snooping for a particular WLAN, use the config wlan call-snoop command.

config wlan call-snoop { enable | disable} wlan_id

Syntax Description

enable

Enables VoIP snooping on a wireless LAN.

disable

Disables VoIP snooping on a wireless LAN.

wlan_id

Wireless LAN identifier between 1 and 512.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The WLAN should be configured with Platinum QoS, and it needs to be disabled when you invoke this command.

Examples

The following example shows how to enable VoIP snooping for WLAN 3:

(Cisco Controller) >config wlan call-snoop 3 enable

config wlan chd

To enable or disable Coverage Hole Detection (CHD) for a wireless LAN, use the config wlan chd command.

config wlan chd wlan_id { enable | disable}

Syntax Description

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables coverage hole detection on a wireless LAN.

disable

Disables coverage hole detection on a wireless LAN.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable CHD for WLAN 3:


(Cisco Controller) >config wlan chd 3 enable

config wlan ccx aironet-ie

To enable or disable Aironet information elements (IEs) for a WLAN, use the config wlan ccx aironet-ie command.

config wlan ccx aironet-ie { enable | disable}

Syntax Description

enable

Enables the Aironet information elements.

disable

Disables the Aironet information elements.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable Aironet information elements for a WLAN:

(Cisco Controller) >config wlan ccx aironet-ie enable

config wlan channel-scan defer-priority

To configure the controller to defer priority markings for packets that can defer off channel scanning, use the config wlan channel-scan defer-priority command.

config wlan channel-scan defer-priority priority [ enable | disable] wlan_id

Syntax Description

priority

User priority value (0 to 7).

enable

(Optional) Enables packets at the given priority to defer off-channel scanning.

disable

(Optional) Disables packets at the given priority from deferring off-channel scanning.

wlan_id

Wireless LAN identifier (1 to 512).

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The priority value should be set to 6 on the client and on the WLAN.

Examples

The following example shows how to enable the controller to defer priority markings that can defer off channel scanning with user priority value 6 and WLAN id 30:

(Cisco Controller) >config wlan channel-scan defer-priority 6 enable 30

config wlan channel-scan defer-time

To assign the channel scan defer time in milliseconds, use the config wlan channel-scan defer-time command.

config wlan channel-scan defer-time msecs wlan_id

Syntax Description

msecs

Deferral time in milliseconds (0 to 60000 milliseconds).

wlan_id

Wireless LAN identifier from 1 to 512.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The time value in milliseconds should match the requirements of the equipment on your WLAN.

Examples

The following example shows how to assign the scan defer time to 40 milliseconds for WLAN with ID 50:


(Cisco Controller) >config wlan channel-scan defer-time 40 50

config wlan custom-web

To configure the web authentication page for a WLAN, use the config wlan custom-web command.

config wlan custom-web { { ext-webauth-url ext-webauth-url wlan_id } | { global { enable | disable}} | { login-page page-name } | { loginfailure-page { page-name | none}} | { logout-page { page-name | none}} | { sleep-client { enable | disable} wlan_id timeout duration} | { webauth-type { internal | customized | external} wlan_id}}

Syntax Description

ext-webauth-url

Configures an external web authentication URL.

ext-webauth-url

External web authentication URL.

wlan_id

WLAN identifier. Default range is from 1 to 512.

global

Configures the global status for a WLAN.

enable

Enables the global status for a WLAN.

disable

Disables the global status for a WLAN.

login-page

Configures the name of the login page for an external web authentication URL.

page-name

Login page name for an external web authentication URL.

loginfailure-page

Configures the name of the login failure page for an external web authentication URL.

none

Does not configure a login failure page for an external web authentication URL.

logout-page

Configures the name of the logout page for an external web authentication URL.

sleep-client

Configures the sleep client feature on the WLAN.

timeout

Configures the sleep client timeout on the WLAN.

duration

Maximum amount of time after the idle timeout, in hours, before a sleeping client is forced to reauthenticate. The range is from 1 to 720. The default is 12. When the sleep client feature is enabled, the clients need not provide the login credentials when they move from one Cisco WLC to another (if the Cisco WLCs are in the same mobility group) between the sleep and wake-up times.

webauth-type

Configures the type of web authentication for the WLAN.

internal

Displays the default login page.

customized

Displays a customized login page.

external

Displays a login page on an external web server.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure the web authentication type for a WLAN:

(Cisco Controller) >config wlan custom-web webauth-type external

config wlan dhcp_server

To configure the internal DHCP server for a wireless LAN, use the config wlan dhcp_server command.

config wlan dhcp_server { wlan_id | foreignAp} ip_address [ required]

Syntax Description

wlan_id

Wireless LAN identifier between 1 and 512.

foreignAp

Specifies third-party access points.

ip_address

IP address of the internal DHCP server (this parameter is required).

required

(Optional) Specifies whether DHCP address assignment is required.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The preferred method for configuring DHCP is to use the primary DHCP address assigned to a particular interface instead of the DHCP server override. If you enable the override, you can use the show wlan command to verify that the DHCP server has been assigned to the WLAN.

Examples

The following example shows how to configure an IP address 10.10.2.1 of the internal DHCP server for wireless LAN ID 16:


(Cisco Controller) >config wlan dhcp_server 16 10.10.2.1

config wlan diag-channel

To enable the diagnostic channel troubleshooting on a particular WLAN, use the config wlan diag-channel command.

config wlan diag-channel [ enable | disable] wlan_id

Syntax Description

enable

(Optional) Enables the wireless LAN diagnostic channel.

disable

(Optional) Disables the wireless LAN diagnostic channel.

wlan_id

Wireless LAN identifier (1 to 512).

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable the wireless LAN diagnostic channel for WLAN ID 1:


(Cisco Controller) >config wlan diag-channel enable 1

config wlan dtim

To configure a Delivery Traffic Indicator Message (DTIM) for an 802.11 radio network, use the config wlan dtim command.

config wlan dtim { 802.11a | 802.11b} dtim wlan_id

Syntax Description

802.11a

Configures DTIM for the 802.11a radio network.

802.11b

Configures DTIM for the 802.11b radio network.

dtim

Value for DTIM (from 1 to 255, inclusive).

wlan_id

Number of the WLAN to be configured.

Command Default

The default is DTIM 1.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure DTIM for 802.11a radio network with DTIM value 128 and WLAN ID 1:


(Cisco Controller) >config wlan dtim 802.11a 128 1

config wlan exclusionlist

To configure the wireless LAN exclusion list, use the config wlan exclusionlist command.

config wlan exclusionlist { wlan_id [ enabled | disabled | time] |
 foreignAp [ enabled | disabled | time]}

Syntax Description

wlan_id

Wireless LAN identifier (1 to 512).

enabled

(Optional) Enables the exclusion list for the specified wireless LAN or foreign access point.

disabled

(Optional) Disables the exclusion list for the specified wireless LAN or a foreign access point.

time

(Optional) Exclusion list timeout in seconds. A value of zero (0) specifies infinite time.

foreignAp

Specifies a third-party access point.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This command replaces the config wlan blacklist command.

Examples

The following example shows how to enable the exclusion list for WLAN ID 1:


(Cisco Controller) >config wlan exclusionlist 1 enabled

config wlan flow

To associate a NetFlow monitor with a WLAN, use the config wlan flow command.

config wlan flow wlan_id monitor monitor_name { enable | disable}

Syntax Description

wlan_id

Wireless LAN identifier from 1 to 512 (inclusive).

monitor

Configures a NetFlow monitor.

monitor_name

Name of the NetFlow monitor. The monitor name can be up to 32 case-sensitive, alphanumeric characters. You cannot include spaces for a monitor name.

enable

Associates a NetFlow monitor with a WLAN.

disable

Dissociates a NetFlow monitor from a WLAN.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You can use the config flow command to create a new NetFlow monitor.

Examples

The following example shows how to associate a NetFlow monitor with a WLAN:

(Cisco Controller) >config wlan flow 5 monitor monitor1 enable

config wlan flexconnect ap-auth

To configure local authentication of clients associated with FlexConnect on a locally switched WLAN, use the config wlan flexconnect ap-auth command.

config wlan flexconnect ap-auth wlan_id { enable | disable}

Syntax Description

ap-auth

Configures local authentication of clients associated with a FlexConnect on a locally switched WLAN.

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables AP authentication on a WLAN.

disable

Disables AP authentication on a WLAN.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

Local switching must be enabled on the WLAN where you want to configure local authentication of clients associated with FlexConnect.

Examples

The following example shows how to enable authentication of clients associated with FlexConnect on a specified WLAN:


(Cisco Controller) >config wlan flexconnect ap-auth 6 enable

config wlan flexconnect learn-ipaddr

To enable or disable client IP address learning for the Cisco WLAN controller, use the config wlan flexconnect learn-ipaddr command.

config wlan flexconnect learn-ipaddr wlan_id { enable | disable}

Syntax Description

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables client IPv4 address learning on a wireless LAN.

disable

Disables client IPv4 address learning on a wireless LAN.

Command Default

Disabled when the config wlan flexconnect local-switching command is disabled. 
Enabled when the config wlan flexconnect local-switching command is enabled.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.
8.0 This command supports only IPv4 address format.

Usage Guidelines

If the client is configured with Layer 2 encryption, the controller cannot learn the client IP address, and the controller will periodically drop the client. Disable this option to keep the client connection without waiting to learn the client IP address.


Note

This command is valid only for IPv4.

Note

The ability to disable IP address learning is not supported with FlexConnect central switching.

Examples

The following example shows how to disable client IP address learning for WLAN 6:


(Cisco Controller) >config wlan flexconnect learn-ipaddr disable 6

config wlan flexconnect local-switching

To configure local switching, central DHCP, NAT-PAT, or the override DNS option on a FlexConnect WLAN, use the config wlan flexconnect local-switching command.

config wlan flexconnect local-switching wlan_id { enable | disable} { { central-dhcp { enable | disable} nat-pat { enable | disable} } | { override option dns { enable | disable} } }

Syntax Description

wlan_id

Wireless LAN identifier from 1 to 512.

enable

Enables local switching on a FlexConnect WLAN.

disable

Disables local switching on a FlexConnect WLAN.

central-dhcp

Configures central switching of DHCP packets on the local switching FlexConnect WLAN. When you enable this feature, the DHCP packets received from the AP are centrally switched to the controller and forwarded to the corresponding VLAN based on the AP and the SSID.

enable

Enables central DHCP on a FlexConnect WLAN.

disable

Disables central DHCP on a FlexConnect WLAN.

nat-pat

Configures Network Address Translation (NAT) and Port Address Translation (PAT) on the local switching FlexConnect WLAN.

enable

Enables NAT-PAT on the FlexConnect WLAN.

disable

Disables NAT-PAT on the FlexConnect WLAN.

override

Specifies the DHCP override options on the FlexConnect WLAN.

option dns

Specifies the override DNS option on the FlexConnect WLAN. When you override this option, the clients get their DNS server IP address from the AP, not from the controller.

enable

Enables the override DNS option on the FlexConnect WLAN.

disable

Disables the override DNS option on the FlexConnect WLAN.

Command Default

This feature is disabled.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.
8.0 This command supports only IPv4 address format.

Usage Guidelines

When you enable the config wlan flexconnect local-switching command, the config wlan flexconnect learn-ipaddr command is enabled by default.


Note

This command is valid only for IPv4.



Note

The ability to disable IP address learning is not supported with FlexConnect central switching.


Examples

The following example shows how to enable WLAN 6 for local switching and enable central DHCP and NAT-PAT:


(Cisco Controller) >config wlan flexconnect local-switching 6 enable central-dhcp enable nat-pat enable

The following example shows how to enable the override DNS option on WLAN 6:


(Cisco Controller) >config wlan flexconnect local-switching 6 override option dns enable

config wlan flexconnect vlan-central-switching

To configure central switching on a locally switched WLAN, use the config wlan flexconnect vlan-central-switching command.

config wlan flexconnect vlan-central-switching wlan_id { enable | disable }

Syntax Description

wlan_id

Wireless LAN identifier between 1 and 512.

enable

Enables central switching on a locally switched wireless LAN.

disable

Disables central switching on a locally switched wireless LAN.

Command Default

Central switching is disabled.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You must enable FlexConnect local switching to enable VLAN central switching. When you enable WLAN central switching, the access point bridges the traffic locally if the WLAN is configured on the local IEEE 802.1Q link. If the VLAN is not configured on the access point, the AP tunnels the traffic back to the controller and the controller bridges the traffic to the corresponding VLAN.

WLAN central switching does not support:

  • FlexConnect local authentication.

  • Layer 3 roaming of local switching client.

Examples

The following example shows how to enable WLAN 6 for central switching:

(Cisco Controller) >config wlan flexconnect vlan-central-switching 6 enable
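The dependencies between the three FlexConnect commands above (learn-ipaddr, local-switching, vlan-central-switching) can be checked against a saved list of configuration commands. The following Python check is an added example, not part of the Cisco documentation; the sample lines are constructed, and it reads "FlexConnect central switching" as a WLAN on which local switching is not enabled, which is an assumption.

```python
import re

# Constructed sample: WLAN 6 is consistent; WLANs 7 and 600 break rules stated on this page.
SAMPLE_CONFIG = """\
config wlan flexconnect local-switching 6 enable central-dhcp enable nat-pat enable
config wlan flexconnect vlan-central-switching 6 enable
config wlan flexconnect local-switching 6 override option dns enable
config wlan flexconnect vlan-central-switching 7 enable
config wlan flexconnect learn-ipaddr disable 7
config wlan flexconnect local-switching 600 enable
"""

LINE = re.compile(
    r"config wlan flexconnect (local-switching|vlan-central-switching|learn-ipaddr)\s+(.+)")

def parse(config_text):
    """Return {wlan_id: {feature: 'enable' | 'disable'}} from controller CLI lines."""
    wlans = {}
    for line in config_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        feature, head = m.group(1), m.group(2).split()[:2]
        # The page's examples give wlan_id before or after the state keyword; accept both.
        ids = [tok for tok in head if tok.isdigit()]
        states = [tok for tok in head if tok in ("enable", "disable")]
        if len(ids) == 1:
            wlan = wlans.setdefault(int(ids[0]), {})
            if states:  # "6 override option dns enable" leaves the switching state alone
                wlan[feature] = states[0]
    return wlans

def audit(config_text):
    """Return (wlan_id, message) findings for the constraints documented above."""
    findings = []
    for wlan_id, feats in sorted(parse(config_text).items()):
        local = feats.get("local-switching") == "enable"  # documented default: disabled
        if not 1 <= wlan_id <= 512:
            findings.append((wlan_id, "wlan_id outside 1-512"))
        if feats.get("vlan-central-switching") == "enable" and not local:
            findings.append((wlan_id, "vlan-central-switching requires local switching"))
        if feats.get("learn-ipaddr") == "disable" and not local:
            findings.append((wlan_id, "learn-ipaddr disable unsupported on centrally switched WLAN"))
    return findings

if __name__ == "__main__":
    for wlan_id, message in audit(SAMPLE_CONFIG):
        print(f"WLAN {wlan_id}: {message}")
```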

config wlan hotspot

To configure a HotSpot on a WLAN, use the config wlan hotspot command.

config wlan hotspot { clear-all wlan_id | dot11u | hs2 | msap}

Syntax Description

clear-all

Clears the HotSpot configurations on a WLAN.

wlan_id

Wireless LAN identifier from 1 to 512.

dot11u

Configures an 802.11u HotSpot on a WLAN.

hs2

Configures HotSpot2 on a WLAN.

msap

Configures the Mobility Services Advertisement Protocol (MSAP) on a WLAN.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

You can configure up to 32 HotSpot WLANs.

Examples

The following example shows how to configure HotSpot2 for a WLAN:

(Cisco Controller) >config wlan hotspot hs2 enable 2

config wlan hotspot dot11u

To configure an 802.11u HotSpot on a WLAN, use the config wlan hotspot dot11u command.

config wlan hotspot dot11u { 3gpp-info | auth-type | enable | disable | domain | hessid | ipaddr-type | nai-realm | network-type | roam-oi}

Syntax Description

3gpp-info

Configures 3GPP cellular network information.

auth-type

Configures the network authentication type.

disable

Disables 802.11u on the HotSpot profile.

domain

Configures a domain.

enable

Enables 802.11u on the HotSpot profile. IEEE 802.11u enables automatic WLAN offload for 802.1X devices at the HotSpot of mobile or roaming partners.

hessid

Configures the Homogeneous Extended Service Set Identifier (HESSID). The HESSID is a 6-octet MAC address that uniquely identifies the network.

ipaddr-type

Configures the IPv4 address availability type.

nai-realm

Configures a realm for 802.11u enabled WLANs.

network-type

Configures the 802.11u network type and Internet access.

roam-oi

Configures the roaming consortium Organizational Identifier (OI) list.

Command Default

None.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.
8.0 This command supports only IPv4 address format.

Examples

The following example shows how to enable 802.11u on a HotSpot profile:

(Cisco Controller) >config wlan hotspot dot11u enable 6

config wlan hotspot dot11u 3gpp-info

To configure 3GPP cellular network information on an 802.11u HotSpot WLAN, use the config wlan hotspot dot11u 3gpp-info command.

config wlan hotspot dot11u 3gpp-info { add | delete} index country_code network_code wlan_id

Syntax Description

add

Adds mobile cellular network information.

delete

Deletes mobile cellular network information.

index

Cellular index. The range is from 1 to 32.

country_code

Mobile Country Code (MCC) in Binary Coded Decimal (BCD) format. The country code can be up to 3 characters. For example, the MCC for USA is 310.

network_code

Mobile Network Code (MNC) in BCD format. An MNC is used in combination with a Mobile Country Code (MCC) to uniquely identify a mobile phone operator or carrier. The network code can be up to 3 characters. For example, the MNC for T-Mobile is 026.

wlan_id

Wireless LAN identifier between 1 and 512.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The number of mobile network codes supported is 32 per WLAN.

Examples

The following example shows how to configure 3GPP cellular network information on a WLAN:

(Cisco Controller) >config wlan hotspot dot11u 3gpp-info add 
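To compare configured 3GPP entries with what a client or a capture shows, it helps to see how an MCC/MNC pair packs into BCD. The following Python code is an added example, not part of the Cisco documentation; it uses the 3-octet PLMN identity layout of 3GPP TS 24.008, which is an assumption about the on-air form (the page states only "BCD format"), and the sample values are constructed apart from the MCC 310 and MNC 026 quoted above.

```python
def encode_plmn(mcc: str, mnc: str) -> bytes:
    """Pack MCC/MNC digit strings into the 3-octet BCD PLMN identity (TS 24.008 layout)."""
    for label, value, lengths in (("MCC", mcc, (3,)), ("MNC", mnc, (2, 3))):
        if not (value.isascii() and value.isdigit() and len(value) in lengths):
            raise ValueError(f"{label} must be {' or '.join(map(str, lengths))} decimal digits")
    c = [int(d) for d in mcc]
    n = [int(d) for d in mnc]
    mnc3 = n[2] if len(n) == 3 else 0xF  # filler nibble marks a 2-digit MNC
    return bytes([(c[1] << 4) | c[0], (mnc3 << 4) | c[2], (n[1] << 4) | n[0]])

def decode_plmn(octets: bytes) -> tuple:
    """Reverse encode_plmn(); reject nibbles that are not decimal digits."""
    if len(octets) != 3:
        raise ValueError("a PLMN identity is exactly 3 octets")
    mcc = [octets[0] & 0xF, octets[0] >> 4, octets[1] & 0xF]
    mnc = [octets[2] & 0xF, octets[2] >> 4]
    if octets[1] >> 4 != 0xF:
        mnc.append(octets[1] >> 4)
    if any(d > 9 for d in mcc + mnc):
        raise ValueError("non-decimal nibble in PLMN identity")
    return "".join(map(str, mcc)), "".join(map(str, mnc))

def unexpected_plmns(advertised_hex, configured):
    """Return advertised (MCC, MNC) pairs that are absent from the configured list."""
    seen = [decode_plmn(bytes.fromhex(h)) for h in advertised_hex]
    return [pair for pair in seen if pair not in set(configured)]

# Constructed sample: entries as typed on the CLI, and PLMN octets as read from a capture.
CONFIGURED = [("310", "026")]
ADVERTISED = ["136020", "62f210"]

if __name__ == "__main__":
    print(encode_plmn("310", "026").hex())
    print(unexpected_plmns(ADVERTISED, CONFIGURED))
```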

config wlan hotspot dot11u auth-type

To configure the network authentication type on an 802.11u HotSpot WLAN, use the config wlan hotspot dot11u auth-type command.

config wlan hotspot dot11u auth-type network-auth wlan_id

Syntax Description

network-auth
Network authentication that you would like to configure on the WLAN. The available values are as follows:
  • 0—Acceptance of terms and conditions

  • 1—On-line enrollment

  • 2—HTTP/HTTPS redirection

  • 3—DNS Redirection

  • 4—Not Applicable

wlan_id

Wireless LAN identifier between 1 and 512.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

The DNS redirection option is not supported in Release 7.3.

Examples

The following example shows how to configure HTTP/HTTPS redirection as the network authentication type on an 802.11u HotSpot WLAN:

(Cisco Controller) >config wlan hotspot dot11u auth-type 2 1

config wlan hotspot dot11u disable

To disable an 802.11u HotSpot on a WLAN, use the config wlan hotspot dot11u disable command.

config wlan hotspot dot11u disable wlan_id

Syntax Description

wlan_id

Wireless LAN identifier between 1 and 512.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to disable an 802.11u HotSpot on a WLAN:

(Cisco Controller) >config wlan hotspot dot11u disable 6

config wlan hotspot dot11u domain

To configure a domain operating in the 802.11 access network, use the config wlan hotspot dot11u domain command.

config wlan hotspot dot11u domain { add wlan_id domain-index domain_name | delete wlan_id domain-index | modify wlan_id domain-index domain_name}

Syntax Description

add

Adds a domain.

wlan_id

Wireless LAN identifier between 1 and 512.

domain-index

Domain index in the range 1 to 32.

domain_name

Domain name. The domain name is case sensitive and can be up to 255 alphanumeric characters.

delete

Deletes a domain.

modify

Modifies a domain.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to add a domain in the 802.11 access network:

(Cisco Controller) >config wlan hotspot dot11u domain add 6 30 domain1

config wlan hotspot dot11u enable

To enable an 802.11u HotSpot on a WLAN, use the config wlan hotspot dot11u enable command.

config wlan hotspot dot11u enable wlan_id

Syntax Description

wlan_id

Wireless LAN identifier between 1 and 512.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to enable an 802.11u HotSpot on a WLAN:

(Cisco Controller) >config wlan hotspot dot11u enable 6

config wlan hotspot dot11u hessid

To configure a Homogeneous Extended Service Set Identifier (HESSID) on an 802.11u HotSpot WLAN, use the config wlan hotspot dot11u hessid command.

config wlan hotspot dot11u hessid hessid wlan_id

Syntax Description

hessid

MAC address that can be configured as an HESSID. The HESSID is a 6-octet MAC address that uniquely identifies the network. For example, the Basic Service Set Identifier (BSSID) of the WLAN can be used as the HESSID.

wlan_id

Wireless LAN identifier between 1 and 512.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Examples

The following example shows how to configure an HESSID on an 802.11u HotSpot WLAN:

(Cisco Controller) >config wlan hotspot dot11u hessid 00:21:1b:ea:36:60 6

config wlan hotspot dot11u ipaddr-type

To configure the type of IP address available on an 802.11u HotSpot WLAN, use the config wlan hotspot dot11u ipaddr-type command.

config wlan hotspot dot11u ipaddr-type IPv4Type { 0 - 7} IPv6Type { 0 - 2} wlan_id

Syntax Description

IPv4Type

IPv4 type address. Enter one of the following values:

0—IPv4 address not available.

1—Public IPv4 address available.

2—Port restricted IPv4 address available.

3—Single NAT enabled private IPv4 address available.

4—Double NAT enabled private IPv4 address available.

5—Port restricted IPv4 address and single NAT enabled IPv4 address available.

6—Port restricted IPv4 address and double NAT enabled IPv4 address available.

7—Availability of the IPv4 address is not known.

IPv6Type

IPv6 type address. Enter one of the following values:

0—IPv6 address not available.

1—IPv6 address available.

2—Availability of the IPv6 address is not known.

wlan_id

Wireless LAN identifier between 1 and 512.

Command Default

The default value for the IPv4 type address is 1.

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.
8.0 This command supports only IPv4 address format.

Examples

The following example shows how to configure the IP address availability type on an 802.11u HotSpot WLAN:

(Cisco Controller) >config wlan hotspot dot11u ipaddr-type 6 2 6 

config wlan hotspot dot11u nai-realm

To configure realms for 802.11u HotSpot WLANs, use the config wlan hotspot dot11u nai-realm command.

config wlan hotspot dot11u nai-realm { add | delete | modify} { auth-method wlan_id realm-index eap-index auth-index auth-method auth-parameter | eap-method wlan_id realm-index eap-index eap-method | realm-name wlan_id realm-index realm}

Syntax Description

add

Adds a realm.

delete

Deletes a realm.

modify

Modifies a realm.

auth-method

Specifies the authentication method used.

wlan_id

Wireless LAN identifier from 1 to 512.

realm-index

Realm index. The range is from 1 to 32.

eap-index

EAP index. The range is from 1 to 4.

auth-index

Authentication index value. The range is from 1 to 10.

auth-method
Authentication method to be used. The range is from 1 to 4. The following options are available:
  • 1—Non-EAP Inner Auth Method

  • 2—Inner Auth Type

  • 3—Credential Type

  • 4—Tunneled EAP Method Credential Type

auth-parameter

Authentication parameter to use. This value depends on the authentication method used. See the following table for more details.

eap-method

Specifies the Extensible Authentication Protocol (EAP) method used.

eap-method
EAP Method. The range is from 0 to 7. The following options are available:
  • 0—Not Applicable

  • 1—Lightweight Extensible Authentication Protocol (LEAP)

  • 2—Protected EAP (PEAP)

  • 3—EAP-Transport Layer Security (EAP-TLS)

  • 4—EAP-FAST (Flexible Authentication via Secure Tunneling)

  • 5—EAP for GSM Subscriber Identity Module (EAP-SIM)

  • 6—EAP-Tunneled Transport Layer Security (EAP-TTLS)

  • 7—EAP for UMTS Authentication and Key Agreement (EAP-AKA)

realm-name

Specifies the name of the realm.

realm

Name of the realm. The realm name should be RFC 4282 compliant. For example, Cisco. The realm name is case-sensitive and can be up to 255 alphanumeric characters.

Command Default

None

Command History

Release Modification
7.6 This command was introduced in a release earlier than Release 7.6.

Usage Guidelines

This table lists the authentication parameters.

Table 1. Authentication Parameters

Non-EAP Inner Method (1)
  • 0—Reserved

  • 1—Password authentication protocol (PAP)

  • 2—Challenge-Handshake Authentication Protocol (CHAP)

  • 3—Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)

  • 4—MSCHAPV2

Inner Authentication EAP Method Type (2)
  • 1—LEAP

  • 2—PEAP

  • 3—EAP-TLS

  • 4—EAP-FAST

  • 5—EAP-SIM

  • 6—EAP-TTLS

  • 7—EAP-AKA

Credential Type (3) / Tunneled EAP Credential Type (4)
  • 1—SIM

  • 2—USIM

  • 3—NFC Secure Element

  • 4—Hardware Token

  • 5—Soft Token

  • 6—Certificate

  • 7—Username/Password

  • 8—Reserved

  • 9—Anonymous

  • 10—Vendor Specific

Examples

The following example shows how to add the Tunneled EAP Method Credential authentication method on WLAN 4:

(Cisco Controller) >config wlan hotspot dot11u nai-realm add auth-method 4 10 3 5 4 6 
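The positional arguments of the auth-method and eap-method forms are easy to misorder, and the meaning of auth-parameter depends on the auth-method value. The following Python validator is an added example, not part of the Cisco documentation; it applies the ranges and Table 1 codes listed above, and the function name and return shape are hypothetical.

```python
EAP_METHODS = {0: "Not Applicable", 1: "LEAP", 2: "PEAP", 3: "EAP-TLS", 4: "EAP-FAST",
               5: "EAP-SIM", 6: "EAP-TTLS", 7: "EAP-AKA"}
NON_EAP = {0: "Reserved", 1: "PAP", 2: "CHAP", 3: "MS-CHAP", 4: "MSCHAPV2"}
CREDENTIALS = {1: "SIM", 2: "USIM", 3: "NFC Secure Element", 4: "Hardware Token",
               5: "Soft Token", 6: "Certificate", 7: "Username/Password", 8: "Reserved",
               9: "Anonymous", 10: "Vendor Specific"}
# auth-method value -> (name, table that gives meaning to auth-parameter), per Table 1
AUTH_METHODS = {
    1: ("Non-EAP Inner Auth Method", NON_EAP),
    2: ("Inner Auth Type", {k: v for k, v in EAP_METHODS.items() if k != 0}),
    3: ("Credential Type", CREDENTIALS),
    4: ("Tunneled EAP Method Credential Type", CREDENTIALS),
}
# Positional fields after the sub-keyword, with the ranges documented above
FIELDS = {
    "auth-method": [("wlan_id", 1, 512), ("realm-index", 1, 32), ("eap-index", 1, 4),
                    ("auth-index", 1, 10), ("auth-method", 1, 4), ("auth-parameter", 0, 10)],
    "eap-method": [("wlan_id", 1, 512), ("realm-index", 1, 32), ("eap-index", 1, 4),
                   ("eap-method", 0, 7)],
}

def decode_nai_realm(command):
    """Validate one auth-method or eap-method command; return (decoded, errors)."""
    tokens = command.split("nai-realm", 1)[1].split()
    action, kind, values = tokens[0], tokens[1], tokens[2:]
    spec = FIELDS[kind]
    if len(values) != len(spec) or not all(v.isdigit() for v in values):
        return {}, [f"{kind} expects {len(spec)} numeric arguments"]
    decoded, errors = {"action": action}, []
    for (name, low, high), raw in zip(spec, values):
        decoded[name] = int(raw)
        if not low <= decoded[name] <= high:
            errors.append(f"{name} {raw} outside {low}-{high}")
    if kind == "eap-method":
        decoded["meaning"] = EAP_METHODS.get(decoded["eap-method"])
    else:
        name, table = AUTH_METHODS.get(decoded["auth-method"], ("unknown", {}))
        param = table.get(decoded["auth-parameter"])
        if param is None:
            errors.append(f"auth-parameter {decoded['auth-parameter']} invalid for {name}")
        decoded["meaning"] = f"{name}: {param}"
    return decoded, errors

if __name__ == "__main__":
    # The example command from this page
    print(decode_nai_realm("config wlan hotspot dot11u nai-realm add auth-method 4 10 3 5 4 6"))
```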

config wlan hotspot dot11u network-type

To configure the network type and internet availability on an 802.11u HotSpot WLAN, use the config wlan hotspot dot11u network-type command.

config wlan hotspot dot11u network-type wlan_id network-type internet-access

Syntax Description

wlan_id

Wireless LAN identifier from 1 to 512.

network-type
Network type. The available options are as follows:
  • 0—Private Network

  • 1—Private Network with Guest Access

  • 2—Chargeable Public Network

  • 3—Free Public Network

  • 4—Personal Device Network

  • 5—Emergency Services Only Network

  • 14—Test or Experimental

  • 15—Wildcard

internet-access

Internet availability status. A value of zero indicates no Internet availability and 1 indicates Internet availability.